The Hacker News

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign.
InfoWorld

Google’s Jules coding agent adds CLI, API

Jules CLI makes the AI coding agent scriptable, while the Jules API enables integrations into CI/CD pipelines and other ...
InfoWorld

OpenAI Codex adds SDK, admin tools, Slack integration

Since being launched as a research preview in May, Codex has added Slack integration, an SDK, and admin tools. With the new ...

AI models can acquire backdoors from surprisingly few malicious documents

That means someone tucking certain documents away inside training data could potentially manipulate how the LLM responds to ...

Hackers now use Velociraptor DFIR tool in ransomware attacks

Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy ...

Worrying Figma MCP security flaw could let hackers execute code remotely - here's how to stay safe

A new security advisory published on GitHub says the ‘figma-developer-mpc’ npm package is vulnerable to a command injection flaw. Figma is a cloud-based design tool built for ...