CrowdStrike and Google take down botnet used by hackers to target open source software developers

Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
Dark Reading

AI-Assisted Exploit Development Outpaces Scanner Detection

Attackers have reduced the time to develop an exploit for a known vulnerability from 125 days to a mere half a day, thanks to the use of AI-assisted development, leaving vulnerability scanners ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
CSO Online

Google leaks details for Chromium bug that can turn browsers into bots

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...
Morning Overview on MSN

OpenAI asks all macOS users to update immediately after the TanStack attack forced the company to rotate its code-signing certificates

OpenAI is telling every Mac user running its ChatGPT or Codex desktop app to update right now. The urgency traces back to a supply-chain attack on a popular open-source JavaScript toolkit called ...
ExtremeTech

Google Says It Stopped the World's First AI‑Built Zero-Day Exploit

Google's Threat Intelligence Group says it has disrupted what it believes is the first real‑world zero‑day exploit developed with the help of AI. A major cybercrime group (which the Threat ...
The Verge

Google stopped a zero-day hack that it says was developed with AI

Google researchers found evidence in the exploit’s code that it may have been created using AI, like a ‘hallucinated’ CVSS score. Google researchers found evidence in the exploit’s code that it may ...
Yahoo! Sports

Prizmic follows up on Djokovic exploit by reaching Italian Open last 16

Dino Prizmic followed up knocking out Novak Djokovic from the Italian Open by beating France's Ugo Humbert 6-1, 7-5 on Sunday to reach the last 16 in Rome. Prizmic had to qualify for the main draw but ...
Hosted on MSN

Singapore issues urgent warning after Axios supply chain breach

What happened?: Attackers took over a maintainer account for Axios and published malicious versions to npm, potentially impacting millions of downloads. Why it matters: CSA Singapore warns supply ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
The New York Times

DeepSeek’s Sequel Set to Extend China’s Reach in Open-Source A.I.

Chinese companies have embraced making their most advanced artificial intelligence models available to all. The Chinese start-up DeepSeek shook the industry in January 2025 with its claim that it had ...