Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...
Decrypt

Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
Security Boulevard

Aembit Now Supports Oracle Database Protocol – No More Static Passwords in Your Enterprise Stack

Oracle powers some of the most critical workloads in the enterprise. It’s also one of the places where static, long-lived database passwords still hide in plain sight – hardcoded in config files, ...
WANE 15

Once-famous beer to be discontinued after 177 years

After 177 years, the beer that was once the best-selling in the world has been discontinued. Production of Schlitz, “the beer ...
Microsoft

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
techzine

TeamPCP compromises Python libraries via supply chain attack

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

Enable or disable Enhanced Security and Performance for Batch and CMD files

Enhanced Security and Performance for Batch and CMD files allows you to prevent batch and CMD files from being modified while ...

I asked Codex AI to customize my Hyprland desktop - it worked, but beginners beware

I asked Codex AI to customize my Hyprland desktop - it worked, but beginners beware ...