New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Critical UniFi OS bug lets hackers gain root without authentication

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root ...
The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
Graham Cluley

Smashing Security podcast #470: This AI security flaw might be impossible to fix

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels.
The Hacker News

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal ...
The Verge

Google stopped a zero-day hack that it says was developed with AI

Google researchers found evidence in the exploit’s code that it may have been created using AI, like a ‘hallucinated’ CVSS score. Google researchers found evidence in the exploit’s code that it may ...
KTLA

McDonald’s customers are using this hack to recreate In-N-Out’s Animal Style burger

Fast food fans may have found a way to satisfy their In-N-Out cravings without stepping foot inside the beloved California burger chain. According to a recent article from Food Republic, McDonald’s ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

AI agents have fundamentally changed the threat model of AI model-based applications. By equipping these models with plugins (also called tools), your agents no longer just generate text; they now ...
Inc

Inside OpenAI, This Productivity Hack Is Giving Workers Their Own Chief of Staff. You Can Use It Too

Inside OpenAI, the company behind ChatGPT, employees both technical and non-technical are using Codex, the company’s agentic coding app, to handle an increasing amount of work. Codex is OpenAI’s label ...
CNBC

There's an 'art' to writing AI prompts for personal finance, MIT professor says

Many people are turning to artificial intelligence for personal finance advice. Writing a good AI prompt can mean the difference between receiving a reasonable or poor output, experts said. While AI ...
TWCN Tech News

How to skip consent prompt for RDP connections in Windows Server

In this post, we will show you how to skip the consent prompt for RDP connections in Windows Server. Microsoft has released a security update for the Remote Desktop Connection that will show a new ...