The most severe Linux threat to surface in years catches the world flat-footed

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of ...
SecurityWeek

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Over 1,800 developers were affected by the Mini Shai-Hulud supply chain attack that hit the PyPi, NPM, and PHP ecosystems ...

I built an AI poem generator. I wasn’t prepared for how people would use it

To put that theory into practice, I teamed up with my friend Jared Bauman, built an AI-powered poem generator, and released ...

The Prompt Engineering Cheat Sheet: How to Write Better AI Prompts

Learn prompt engineering with this practical cheat sheet that covers frameworks, techniques, and tips for producing more ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
Hackaday

Building An IBM PCjr BIOS From Source Using Original Printed Source Code

As unloved as IBM’s PCjr was, with only a one-year production run, it’s hard to complain about the documentation available ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
The Hacker News

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

DEEP#DOOR embeds a Python RAT in a dropper script, using bore[.]pub C2 to steal credentials and evade Windows defenses, ...

New Linux ‘Copy Fail’ flaw gives hackers root on major distros

An exploit has been published for a local privilege escalation vulnerability dubbed "Copy Fail" that impacts Linux kernels ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
The Hacker News

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

SMS blasters, npm supply chain hits, and unpatched Windows flaws. Stay ahead of new phishing kits and exposed servers.