CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

AI-built ransomware toolkit automates EDR evasion, AD discovery

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade ...
Infosecurity Magazine

Threat Actor Uses AI to Build EDR Evasion Tools

A threat actor has been observed using AI coding tools to develop and refine malware designed to slip past endpoint detection ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...
eWeek

Gemma 4 12B Turns Laptops Into Tiny Supercomputers

Google DeepMind just rolled out Gemma 4 12B, a 12-billion-parameter model that can parse text, images, audio, and video ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Memeburn

GitHub Hack Exposes 3,800 Repos and a Bigger VS Code Risk

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...
Hosted on MSN

Gmail servers hijacked by malicious PyPI packages to spread havoc - here's how to stay safe

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

I had ChatGPT build me a free PDF editor because I didn't trust it to change my files - it worked!

The smartest way to use AI may not be letting it touch your files, but asking it to write software that handles them safely - ...

Dashlane explains how attackers managed to download encrypted password vaults

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to ...
Hosted on MSN

I found the easiest way to encrypt files on Android (it takes just 30 seconds)

Androids have become fortresses that can stop threats and protect data when powered off. However, they haven't consistently given us the ability to easily and quickly lock down a single, sensitive ...