The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
The Hacker News

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Datadog expands observability platform to autonomous AI team colleague

At the DASH conference, Datadog presents new features for autonomous IT operations and AI security with Bits AI SRE, AI Guard ...
The Caledonian-Record

Aware Expands Awareness Platform Capabilities with Key Partnerships to Deliver Smarter Identity ...

Aware, Inc. (NASDAQ: AWRE), a global leader in biometric orchestration, today announced substantial innovations to the Awareness Platformâ„¢. New offerings include expanded biometric ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
Crowdfund Insider

Cybercriminals Exploit Fintech Platform Stripe in Credit Card Skimming Operation

An emerging wave of rather concerning online theft is leveraging one of the Fintech sector’s most widely used platforms in order to conceal and reportedly distribute malicious code designed to harvest ...
Techlomedia

73 Microsoft GitHub Repos Compromised in Miasma Malware Attack

Microsoft has confirmed that it temporarily removed several GitHub repositories after a large-scale malware campaign ...

OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks

Even with Lockdown Mode, ChatGPT could be still vulnerable to prompt injections, but the goal is to reduce the likelihood ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Researchers demonstrate prompt injection attacks via WhatsApp and Slack notifications

The attack relies on hidden prompts in a foreign language.