The Hacker News

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

More than 30 security flaws in AI-powered IDEs allow data leaks and remote code execution, showing major risks in modern ...
Hackaday

This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud

After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you ...

How to Read the Epstein Files Like an Expert

Sometime in the next 15 days, the Justice Department is set to release a huge cache of files related to the late pedophile ...
The Hacker News

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

Silver Fox targets China with a fake Teams installer that delivers ValleyRAT malware through an SEO poisoning attack.

Shai-Hulud 2.0 Credential Leak Hits Zapier, PostHog and Postman — User Data At Risk

Hulud 2.0,' has created a severe supply chain crisis, compromising key platforms like Zapier, PostHog, and Postman.

A weekend ‘vibe code’ hack by Andrej Karpathy quietly sketches the missing layer of enterprise AI orchestration

Andrej Karpathy’s weekend “vibe code” LLM Council project shows how a simple multi‑model AI hack can become a blueprint for ...
Rock Paper Shotgun

Hooded Horse's latest strategy RPG looks like some Final Fantasy mercs invaded the world of Battle Brothers

Pathbreakers: Roaming Blades is a new hex and turn-based strategy game from 6 Eyes and Hooded Horse in which you manage a ...
SecurityWeek

Thousands of Secrets Leaked on Code Formatting Platforms

Users of code formatting platforms are exposing thousands of secrets and other types of sensitive information.

Google’s Mueller Questions Need For LLM-Only Markdown Pages

Google's John Mueller pushes back on building LLM-only Markdown or JSON pages for LLMs, saying clean HTML and structured data ...

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
ABC News

Republicans hyped the Epstein files for years. Now Trump is under pressure to deliver

The Justice Department is on the clock to release files relating to Jeffrey Epstein after President Donald Trump signed a measure passed by Congress WASHINGTON -- What began as a campaign-trail ...
SecurityWeek

Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks

A Chinese threat actor tracked as APT24 has been observed employing multiple techniques to deploy BadAudio malware ...