New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Microsoft’s open source tools were hacked to steal passwords of AI developers

According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, who were some of the ...
PCMag

Can a VPN Actually Protect You From Hackers? The Answer Is Complicated

From DDoS attacks to public Wi-Fi risks, here's what a VPN is effective against—and the threats that require other tools and ...

Security News This Week: Crypto-Funded Chinese Peptide Labs Are Booming

Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite ...

Shaw Festival review: Funny Girl delivers the laughs to fill a post-Hacks void

Though it’s true that Holmes’s Funny Girl could be more biting in its unpacking of Brice’s life and legacy, the Shaw Festival ...

How a USB-connected speaker can infect a PC without ever being touched

CTP allows devices connected via Bluetooth or USB to send commands to the speaker, such as changing LED colors and equalizer ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
MIT Technology Review

The Meta hack shows there’s more to AI security than Mythos

Gong and other scholars have been issuing warnings about the security vulnerabilities of AI agents for a while. They publish ...
Hackaday

If You Want To Hack Me, Come In Through The Speaker

Some security hacks require someone to have physical access to your computer. In many cases, that’s easy to mitigate. Other ...
The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
The Hacker News

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Weedhack malware targets Minecraft players via YouTube and SEO poisoning since Jan 2026, enabling credential theft and remote ...

Ableton is letting musicians build browser-style extensions for Live

The company provides a handful of example extensions that include the ability to bulk rename tracks, sketch out song ...