The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Tech Times

Floci Tops 10,000 GitHub Stars as Free, MIT-Licensed AWS Emulator Fills LocalStack’s $39/Month Paywall Gap

Thousands of software development teams whose CI/CD pipelines depended on LocalStack’s free community edition lost access to ...
The Hacker News

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

Developers can now debug and evaluate AI agents locally with Raindrop's open source tool Workshop

The tool is available for macOS, Linux, and Windows. It can be installed through a one-line shell command that automates ...

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...

OpenAI Launches Daybreak the Same Day Google Confirmed the First AI-Built Zero-Day Attack

On May 11, the same day Google's Threat Intelligence Group disclosed the first confirmed case of attackers using AI to build ...
DataBreachToday

AI-Built Zero-Day Nearly Powered Mass Attack

A cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model ...

Google intercepts a massive cyberattack powered by first-ever AI-generated zero-day exploit

Google claims to have thwarted a significant cyberattack by state-sponsored hackers using an AI-developed zero-day exploit.
The Next Web

Google found the first AI-generated zero-day exploit. It stopped the attack before it started.

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...
MUO on MSN

Claude Code is a shockingly good photo editor if you use it right

Photo editing with AI feels unfair.
cryptopolitan

Fake OpenAI repo hits 244K downloads, ships crypto wallet stealer

A fake repository mimicking OpenAI’s Privacy Filter on Hugging Face accumulated ~244,000 downloads before being removed. It delivered a multi-stage Rust infostealer ...