The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Infosecurity Magazine

macOS Backdoor Uses Prompt Injection to Evade AI Triage

A North Korea-linked macOS backdoor has been caught hiding a prompt injection that targets malware analyst's AI tools, rather ...
Opinion
SifyOpinion

Research finds AI ‘scheming’ is increasing; Is it, and will it destroy the world?

A viral report claims that chatbot lying and scheming has increased exponentially; the problem is that the report’s language is doing the heavy lifting instead of its data, opines Satyen K. Bordoloi ...

Only 13% of Australian firms can stop a rogue AI agent: Okta expands Cross App Access with Anthropic, Canva and Atlassian aboard

Australian organisations are pushing AI agents into production faster than they can govern them. Most can't see what those ...

Why Most Retail Traders Get Pattern Reading Wrong And What It Is Actually Costing Them

Candlestick patterns alone cannot guarantee profitable trading, the article argues, citing academic research and SEBI data ...
SecurityWeek

New Attack Abuses Claude Code and Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

Bumble: Leverage And AI Reset Makes It A Speculative Hold

Bumble (BMBL) stock trades at distressed multiples amid paid user declines, debt covenant pressure and AI reset risks. Read ...

Portugal's most important World Cup figure may not be Cristiano Ronaldo — it's the coach scripting goals before kick-off

Against Uzbekistan, two of Portugal's five goals carried unmistakable Austin MacPhee fingerprints.
Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
Communications of the ACMOpinion

Hidden Prompts in Manuscripts Exploit AI-Assisted Peer Review

Moving forward requires coordinated technical, policy, and educational responses. An outright ban on AI in peer review, as is ...
Reuters

Data Privacy

Apple says it is releasing updates early in response to AI cybersecurity concerns Apple said it is pushing forward a series of software updates that would previously have been bundled with a new ...