Fake Windows update installs hidden malware

Scammers built a convincing fake Windows update site that installs password-stealing malware. Learn how the multi-stage attack works and how to stay safe.
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

Google Says Criminal Hackers Used A.I. to Find a Major Software Flaw

The company said that it had identified, for the first time, hackers using artificial intelligence to discover an unknown bug ...

This Linux distro that already rivals Windows 11 just got a significant performance boost0 0

There are several Linux distros that people say are good alternatives to Windows 11. This particular one, called CachyOS, ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
SecurityWeek

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities ...
Infosecurity Magazine

Malicious Hugging Face Repository Typosquats OpenAI

Security researchers have uncovered covert infostealer malware hidden in one of the top-ranking repositories on Hugging Face, ...

My aging family kept falling for scams. For $20, I built a no-code app to protect them.

Matter Sanner, 54, vibe coded an app using Cursor called ScamSkeptic for his aging family, who had fallen victim to scams.
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
InfoWorld

Building AI apps and agents with Microsoft Foundry

Microsoft’s Azure-based AI development and deployment platform shines with a strong selection of models and agent types and ...

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.