Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow ...
The Hacker News

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

North Korean hackers abuse Visual Studio Code task files in fake job projects to deploy backdoors, spyware, and crypto miners ...

AI framework flaws put enterprise clouds at risk of takeover

Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud ...

As if LinkedIn messages couldn't get any worse, hackers are using them to install malware on people's PCs

Once up and running, that malicious DLL file pops a Python interpreter onto the system, which runs a script to create a ...
The Hacker News

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Researchers found a LinkedIn phishing campaign delivering a remote access trojan via DLL sideloading, WinRAR SFX files, and ...
eWeek

New Windows 11 Leak Reveals Copilot Moving Into File Explorer

A leaked feature shows that Microsoft is testing a hidden “Chat with Copilot” button in Windows 11 File Explorer.

Linus Torvalds becomes a Python Vibe Coder

Linus Torvalds has tried Vibe Coding and successfully had a Python audio tool written for him. However, he rejects it for the ...

Can a newbie really vibe code an app? I tried Cursor and Replit to find out

I'm not a programmer, but I tried four vibe coding tools to see if I could build anything at all on my own. Here's what I did and did not accomplish.
SecurityWeek

Chainlit Vulnerabilities May Leak Sensitive Information

Vulnerabilities in Chainlit could be exploited without user interaction to exfiltrate environment variables, credentials, ...

WhatsApp Web malware spreads banking trojan automatically

A new WhatsApp Web attack spreads self-propagating ZIP files containing Astaroth banking malware through trusted ...
DataBreachToday

Flaw in AI Libraries Exposes Models to Remote Code Execution

Researchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by ...