OpenSSF Notes Quarter of Growth with New Members, Added AI Security Resources, and Growing Community

The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation focused on sustainably ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Claude Code Leak: 8100 Takedown Requests and the Birth of Claw-Code

A human error at Anthropic reveals the architecture of autonomous AI agents, sparking a heated debate about copyright for ...
InfoWorld

A better way to work with SQL Server

It’s time to switch to a new development tool for SQL Server and Azure SQL. Here’s how to get started with the MSSQL ...
The Hacker News

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...
Dark Reading

Hackers Use AI for Exploit Development, Attack Automation

Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate ...
Tech Wire Asia

Google says hackers are using AI to find zero-days and build malware

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

OpenAI Launches Daybreak the Same Day Google Confirmed the First AI-Built Zero-Day Attack

On May 11, the same day Google's Threat Intelligence Group disclosed the first confirmed case of attackers using AI to build ...