Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
cryptopolitan

Microsoft, Google patch flaws as Cordyceps spread across open-source repositories

Security researchers at Novee found over 300 exploitable CI/CD workflow chains across repositories belonging to Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. The flaws ...

Treno Scope Launches “Data for All” Initiative, Empowering Developers in Vietnam and Thailand

Today, the leading Web3 market data infrastructure provider in Southeast Asia, Treno Scope, officially announced the launch ...
winbuzzer.com

OpenAI Says GPT-5.5-Cyber Leads Claude Mythos, Expands Daybreak-Initiative

OpenAI is now turning its Daybreak initiative into a defensive cybersecurity program that combines Codex updates, the GPT-5.5-Cyber release and partner access for approved organizations. As OpenAI ...

Surface RTX Spark Dev Box Features, Price, Specs, Where to buy, Release date

Surface RTX Spark Dev Box is a compact, small-form-factor desktop PC that is built specifically for developers and data ...
blockonomi

Nokia (NOK) Stock Climbs 1.88% Following Dual Partnership Announcements with Databricks and AWS

Nokia and Databricks successfully validated a cloud-neutral data platform designed for autonomous telecommunications networks through a proof of concept. The solution enables telecom carriers to ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
InfoWorld

OpenAI rolls out AI-led push to fix open-source software flaws

Patch the Planet’ pairs automated analysis with expert review to uncover and remediate vulnerabilities in core infrastructure ...
SecurityWeek

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor

The Windows-based CryptoBandits cryptocurrency clipper blends data exfiltration and remote code execution in a backdoor.

From PGP to Mythos: a brief history of export controls that didn’t stop anyone

For the last 30 years, stopping the flow of cybersecurity-related software has proven to be ineffective. It's unclear why it ...
Decrypt

Texas Brothers Plead Guilty to $8M Armed Crypto Kidnapping

Isiah and Raymond Garcia held a Minnesota family at gunpoint for eight hours and forced the father to transfer over $8 ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...