PC Magazine

Update Your iPhone Now: 'DarkSword' Leak Puts Millions at Risk of Hacks

The iPhone merely needs to visit the malicious site via Apple’s Safari browser. When the exploit was first disclosed, security researchers had only identified a few shadowy groups and surveillance ...
IEEE

Practical and Flexible Backdoor Attack Against Deep Learning Models via Shell Code Injection

Abstract: Recently, backdoor attack, which aims to implant malicious logic into deep learning models (DLMs), has attracted so extensive research attention. Among them, the non-poisoning-based backdoor ...
IEEE

DrainCode: Stealthy Energy Consumption Attacks on Retrieval-Augmented Code Generation via Context Poisoning

Abstract: Large language models (LLMs) have demonstrated impressive capabilities in code generation, by leveraging retrieval-augmented generation (RAG) methods. However, the computational costs ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$. The TeamPCP hacking group has expanded its open source software campaign from ...
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, ...
TechCrunch

Anthropic hands Claude Code more control, but keeps it on a leash

For developers using AI, “vibe coding” right now comes down to babysitting every action or risking letting the model run unchecked. Anthropic says its latest update to Claude aims to eliminate that ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
unilad

Survival code known as the ’10-80-10’ rule could determine if you make it through a nuclear attack

A pretty simple survival code could determine whether you make it through a nuclear attack, which could well be useful knowledge amid ongoing concerns about escalating conflicts. I mean, let's not get ...
SecurityWeek

Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild. Oracle on Friday issued out-of-band updates to patch a critical vulnerability ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python ...