ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
The smartest way to use AI may not be letting it interact with your files, but asking it to write software that handles them ...
I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...
An AI agent executed a rapid, end-to-end cyberattack. Starting with a vulnerability in a Python application, hackers used an LLM to independently harvest cloud credentials, access AWS services, and ...
Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same ...
Security researchers recently found a major flaw in the Linux kernel that grants root access on major Linux distributions since 2017. They named it Copy Fail (CVE-2026-31431). The Copy Fail bug is ...
A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and helpdesk staff impersonation - is also using custom malware in its ...
If you work with AI APIs and local LLMs, there's a good chance you've at least heard of LiteLLM. It's one of the most popular Python libraries for interacting with large language models, offering a ...
Fake browser extensions are nothing new, but this one takes things a step further by deliberately breaking your computer to scare you into infecting it. Security researchers have uncovered a malicious ...
INFOSEC IN BRIEF: Switzerland’s Conference of Data Protection Officers, Privatim, last week issued a resolution calling on Swiss public bodies to avoid using hyperscale clouds and SaaS services due to ...