New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
The Hacker News

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Massive regional C2 footprint More than 1.3K C2 Servers Discovered in the Middle East Hunt.io said it identified more than ...

Worrying open-source security issue 'BadHost' could affect millions of AI agents, experts warn

The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Security Systems News

Resideo to spin off ADI, creating two independent public companies

SCOTTSDALE, Ariz.—Resideo Technologies has announced its intention to separate its ADI Global Distribution business (ADI) through a tax-free spin-off to Resideo shareholders. Following the completion ...
FedScoop

ICE drives AI use case growth within Homeland Security

ICE agents leave a residence after knocking on the door on Jan. 28, 2026 in Minneapolis, Minnesota. The U.S. Department of Homeland Security continues its immigration enforcement operations after two ...
Game Rant

How To Get Cartridges And Modules In NTE (Neverness to Everness)

Nahda Nabiilah is a writer and editor from Indonesia. She has always loved writing and playing games, so one day she decided to combine the two. Most of the time, writing gaming guides is a blast for ...
Wired

OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts

OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks. “People are turning to AI for deeply personal ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
Reuters

US security agency is using Anthropic's Mythos despite blacklist, Axios reports

April 19 (Reuters) - The United States National Security Agency is using Anthropic's Mythos Preview AI tool despite ‌the Pentagon hitting the company with a formal supply-chain risk designation, Axios ...
The Hill

Report: Cellular modules from Chinese companies in smart home devices are national security risk

A new report is warning that Chinese-produced cellular modules, tiny components that are inside smart home devices, present a significant national security risk for the United States. The Foundation ...