Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
PCMag

Fake Apps, Fraudulent Emails, and Very Real Hackers: Another Week in the Infosec Trenches

This week saw attacks on Claude Code users, LastPass users, Starlink users, and, perhaps worst of all, people who needed an ambulance. Add a dash of AI hacking, and you have another wild week in ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
Security Boulevard

The Developer’s Practical Guide to Passwordless Authentication in 2026

Why Passwords Are Still a Developer's Problem in 2026. The case against password-based authentication is well-established in the IAM community, but the practical implications for ...
Cybernews

Popular AI coding tool Blackbox AI, with 5M downloads, grants root access to hackers

BlackBox AI, a popular VS Code coding assistant, has a critical indirect prompt injection vulnerability. Hackers can exploit this to gain remote root access to a user’s computer.
The Hacker News

Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor

Iran-linked MuddyWater hackers breached U.S. networks with new Dindoor malware as regional cyber attacks escalate amid Middle East conflict.
eWeek

Meta AI Wants to Be Your Personal Shopper

Meta is rolling out a dedicated shopping research mode inside its Meta AI web chatbot for a slice of US desktop users. Search ...
CRN

AI Let ‘Unsophisticated’ Hacker Breach 600 Fortinet Firewalls, AWS Says, As AI Lowers ‘The Barrier’ For Threat Actors

Hackers use AI, GenAI and LLMs to breach Fortinet FortiGate firewalls as cybersecurity and threat actors leverage AI for cyber-attacks, AWS report finds.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Computing

AI-powered hacker breaches 600 FortiGate firewalls, Amazon warns

An AI-assisted hacker campaign breached over 600 FortiGate firewalls worldwide by exploiting weak credentials and public interfaces in a chilling demonstration of how generative AI ...
TechCrunch

Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach

Fintech firm Marquis told customers that it plans to seek compensation from its firewall provider after blaming the company for a breach that allowed hackers to steal its customers’ personal and ...
New York Post

America’s most-used password in 2025 is one simple word

Passwords play a huge role in how you stay safe online. They protect your accounts, devices and money. Still, many people pick logins that criminals can guess in seconds. The latest NordPass report ...