New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

Chinese APT deploys new malware to keep access to hacked networks

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and ...

I had ChatGPT build me a free PDF editor because I didn't trust it to change my files - it worked!

The smartest way to use AI may not be letting it touch your files, but asking it to write software that handles them safely - ...
CSO Online

Claude Code has an MCP security problem — and your developers are already using it

The Mitiga disclosure is the most recent, but it is not the first time Claude Code’s configuration model has created a ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...
The Verge

YouTube is expanding its AI deepfake detection tool to all adult users

Likeness detection, which scans YouTube for facial matches, will now be available to anyone 18 years or older with a YouTube account. Likeness detection, which scans YouTube for facial matches, will ...
IEEE

A Systematic Review on Detection, Repair, and Explanation of Vulnerabilities in Source Code Using Large Language Models

Abstract: Software vulnerabilities pose critical risks to the security and reliability of modern systems, requiring effective detection, repair, and explanation techniques. Large Language Models (LLMs ...
USA Today

Spam ditches the can for new format - hot dogs

Spam has unveiled a new product perfect for the dog days of summer. The canned meat brand is now making hot dogs, it announced on its website. The company described the Spam dog as a "reimagination of ...
IEEE

Out-of-Distribution Generalization and Detection With Limited Source Data

Abstract: Out-of-distribution (OOD) generalization and detection have received significant attention in recent years, focusing primarily on addressing covariate shifts and category shifts in modern ...
Microsoft

Accelerating detection engineering using AI-assisted synthetic attack logs generation

Logs and telemetry are the foundation of modern cybersecurity. They enable threat detection, incident response, forensic investigation, and compliance across endpoints, networks, and cloud ...