The Hacker News

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories

This week's ThreatsDay Bulletin covers curl flaws, a critical Hoppscotch bug, smart TV proxyware, macOS ClickFix attacks, ...
cryptopolitan

Microsoft, Google patch flaws as Cordyceps spread across open-source repositories

Security researchers at Novee found over 300 exploitable CI/CD workflow chains across repositories belonging to Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. The flaws ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...

GPT-5.5-Cyber beats Mythos: Update for OpenAI's security model

With a security initiative, OpenAI competes with Anthropic's Mythos and also offers a security review service for open-source ...

How to burst the AI bubble: Strike at its roots

Ars Technica: It could be catastrophic, economically speaking, when the AI bubble finally bursts. But you point out that ...

The maker of ChatGPT wants to make open-source projects less of a security bargain

As AI tools flood open-source maintainers with low quality bug reports, OpenAI's new Patch the Planet initiative aims to filter out the noise and fix real threats.
InfoWorld

How fuzzy APIs are remaking the web

With the advent of AI-mediated APIs, the era of manually hard-coding every integration between every microservice may be ...
Startup Fortune

OpenAI's Patch the Planet program takes its security ambitions well beyond the chatbot business

OpenAI launched Patch the Planet on June 22, partnering with Trail of Bits and HackerOne to find and fix vulnerabilities in widely used open-source software, a direct shot at Anthropic's Mythos and a ...
Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...
Tech Times

Embodied AI World Models Attracted $6 Billion, But the LLM Parallel May Not Hold

Embodied AI world models drew $6 billion in Q1 2026 alone, but new analysis from Fusion Fund investors argues the LLM scaling ...

Meta-Harness for AI Agents: Databricks Releases Omnigent as Open Source

The Meta-Harness Omnigent combines AI agents like Claude Code and Codex under a common policy and collaboration layer – under ...