A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

A developer went viral for reconfiguring Chipotle’s customer support bot into a coding assistant, and providing the playbook ...

You might, for example, innocently instruct an AI agent to summarise a thousand-page external document, cross-reference its ...

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

Data is being stolen by a threat actor who is targeting Microsoft 365 and Azure production installations using assaults that ...

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer ...

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

GitHub is investigating a cyberattack linked to a malicious VS Code extension after hackers allegedly accessed thousands of internal repositories and attempted to sell the data online.