Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Hacker News

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

PCPJack steals credentials via 6 Python modules exploiting 5 CVEs, enabling cloud spread and fraud-driven attacks.

Google Chrome may have silently installed 4GB AI model on your computer. Here's how to check

We tested our own computers to see if the model was present.

Chrome silently downloads a 4GB AI model. Here’s how to remove it

You can nix Chrome's 4GB local AI model in just a few clicks, but you'll lose some functionality in the process.
Decrypt

You Installed Hermes. Now Make It Look Better Than ChatGPT or Claude

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...

Usage-based pricing killing your vibe - here's how to roll your own local AI coding agents

With model devs pushing more aggressive rate limits, raising prices, or even abandoning subscriptions for usage-based pricing ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

Fake Windows update installs hidden malware

Scammers built a convincing fake Windows update site that installs password-stealing malware. Learn how the multi-stage attack works and how to stay safe.

Threat actor uses Microsoft Teams to deploy new “Snow” malware

A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a ...