Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself ...

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

Abstract: Out-of-distribution (OOD) generalization and detection have received significant attention in recent years, focusing primarily on addressing covariate shifts and category shifts in modern ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...

Abstract: Software vulnerabilities pose critical risks to the security and reliability of modern systems, requiring effective detection, repair, and explanation techniques. Large Language Models (LLMs ...