The Manila Times

Hadrian Releases OpenHack, Democratizing AI Vulnerability Discovery

Hadrian open-sources its methodology for turning commodity Large Language Models (LLMs) into reliable code review tooling ...

Mini Shai-Hulud worm injects disk wiper into Microsoft Azure PyPI package

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...
i-SCOOP

Composer 2.5 in Cursor is built for long running coding work

Composer 2.5 brings stronger long running coding performance to Cursor, with targeted RL, Kimi K2.5 foundations, new pricing, ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
The Hacker News

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...

Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution

Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the ...