AI Just Hacked One Of The World's Most Secure Operating Systems

An AI agent just autonomously exploited a FreeBSD kernel vulnerability in four hours, signaling a fundamental shift in the ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...
Cybernews

Code trust crisis: Is it safe to update your system during an active supply chain attack?

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Cybernews

Critical Python supply chain compromise: how library used by millions of AI developers got infected with malware

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

TeamPCP deploys Iran-targeted wiper in Kubernetes attacks

The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...
Yahoo

CarGurus Hack Exposes 12.4 Million Users After Social Engineering Attack

A massive data breach tied to automotive marketplace CarGurus has exposed approximately 12.4 million user records, with new details pointing to a targeted social engineering attack rather than a ...
news.bloomberglaw

US Tells Companies to Secure Microsoft System After Stryker Hack

The US government is warning businesses to secure their corporate accounts within a popular Microsoft Corp. management tool, following a cyberattack on Stryker Corp. last week. The Cybersecurity and ...
san

Millions of ‘anonymous’ crime tips exposed in massive Crime Stoppers hack: Exclusive

A California resident had an urgent message for the police. A family tied to Mexico’s notorious Sinaloa drug cartel was trafficking hundreds of pounds of marijuana at a time, and the tipster knew how ...