Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Martin Cid Magazine

An AI wrote a working zero-day exploit — Google caught it first

Google's Threat Intelligence Group says a criminal hacker group used a large language model to find a previously unknown flaw ...
Bleeping Computer

Trellix discloses data breach after source code repository hack

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 ...
Ars Technica

Microsoft open-sources “the earliest DOS source code discovered to date”

Several times in the last couple of decades, Microsoft has released source code for the original MS-DOS operating system that kicked off its decades-long dominance of consumer PCs. This week, the ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

New AI framework autonomously optimizes training data, architectures and algorithms — outperforming human baselines

EVOLVE, an agentic framework that autonomously optimizes AI training data, model architectures, and learning algorithms — boosting MMLU scores by 18 points over human baselines.
Nature

How to vibe code in science: early adopters share their tips

He was brainstorming ideas with an artificial-intelligence tool and getting it to code and create them quickly. Together, ...
Science Daily

Scientists test a tiny eye implant that could restore sight

Scientists at USC are launching a new trial to test a tiny stem cell implant that could restore vision in people with advanced dry macular degeneration. The hair-thin patch replaces damaged retinal ...