Mini Shai-Hulud worm injects disk wiper into Microsoft Azure PyPI package

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
CNX Software

Anthropic’s open-source Claude Desktop Buddy turns ESP32-S3 devices into interactive AI desk companions

Anthropic has opened its Claude Hardware Interface (Bluetooth API) to developers, enabling an ESP32-S3-based desk companion to connect directly to the Claude desktop app over Bluetooth Low Energy (BLE ...
The Hacker News

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Turla turns Kazuar into a 3-module P2P botnet, enabling stealthy C2, resilient tasking, and persistent access.
Microsoft

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...

Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...

News Roundup: May 12, 2026 — Secure Code Warrior, NetSPI, Claude/AWS, Sembi

Secure Code Warrior collaborating with AWS, launches Amazon Bedrock AI Learning Modules. Secure Code Warrior announced it has ...

SAP recasts Joule as the front door to autonomous enterprise AI

Joule, SAP’s generative AI assistant, debuted in 2023 and now touches every part of the company’s platform. Since then, it ...
The Hacker News

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...

Feature freeze for Python 3.15 as first beta released

The Python team has released the first beta of version 3.15, with new features including a stable application binary ...
cybernews

Google reveals hackers used AI to exploit weakness in two-factor authentication

Google threat intelligence claims to have identified the first known case of cyber attackers using AI to help develop a zero-day exploit. Elsewhere, LLMs are being used to hide malware and create ...
Circuit Digest

Building a Voice-Controlled Drone with LiteWing using Python

The laptop connects directly to the drone through its Wi-Fi access point (AP), enabling wireless communication between the ...