Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Crime crew impersonates help desk, abuses Microsoft Teams to steal your data

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

There’s no rogue McDonald’s AI bot, but ‘prompt injection’ is still a risk for companies

People hacking branded AI bots can result in significant reputational, financial, and legal consequences. There appears to be ...
Dark Reading

Bad Memories Still Haunt AI Agents

Anthropic fixed a significant vulnerability in Claude Code's handling of memories, but experts caution that memory files will ...
CSO Online

Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations

A multi-tenant authentication gap in Microsoft’s AI operations agent exposed live command streams, internal reasoning, and ...
OfficeChai

11 Best AI Tools For Conducting Interviews (With Examples) [2026]

These 11 AI tools for conducting interviews will help recruiters and HR teams quickly and efficiently select the best ...
TechAnnouncer

How to Build a Banking App: A Comprehensive Guide for Developers

Thinking about how to build a banking app? It’s a big project, for sure. People expect their banks to be right there on their phones now, not just a building downtown. This guide breaks down what you ...
InfoWorld

GitHub shifts Copilot to usage-based billing, signaling a new cost model for enterprise AI tools

The move reflects rising compute demands and agentic workflows, requiring CIOs to rethink budgeting and governance.

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
InfoWorld

SpaceX secures option to acquire AI coding startup Cursor for $60B

The rocket company says the deal would pair Cursor’s coding models with SpaceX’s Colossus supercomputer, raising questions ...

Google issues new 'warning' in Microsoft Teams chat invitations and helpdesk scam

Cybercriminals are now leveraging Microsoft Teams, posing as IT helpdesk staff, to trick employees into revealing credentials ...