Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
Bleeping Computer

Anthropic’s restricted Claude Mythos model may be coming to Claude Code

Anthropic appears to be preparing for the public rollout of "Mythos," which was announced in April as a restricted model that poses major security risks to private and public software. On April 7, ...
Hosted on MSN

A hidden python in the nursery nearly turned playtime into disaster

A family visit turns tense when a snake is discovered inside the baby’s room. The group initially thinks it may be a toy, but panic spreads once it appears to move. The baby is quickly taken away from ...
The Hacker News

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

OpenClaw input flaws let hidden contacts and phishing emails trigger code execution and data leaks, exposing agent trust ...
Hosted on MSN

Model discovers a beautiful hidden waterfall for a dramatic photoshoot

Model and how-to guru Rachel Pizzolato uses a hidden waterfall discovery as the backdrop for a dramatic and cinematic photoshoot. 6 words from ex-Fed chair Jerome Powell that could change everything ...
scmp.com

Alibaba’s new AI model scores higher than OpenAI, Google rivals in coding ranking

Alibaba Group Holding’s latest artificial intelligence model has clinched a top-tier spot on a major global coding leaderboard, making the Chinese technology giant the only developer other than ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
CNBC

Microsoft unveils new AI models to lessen reliance on OpenAI and lower costs for developers

At its Build developer conference in San Francisco, Microsoft announced MAI-Code-1-Flash, its inaugural model in the AI coding space. Microsoft is trying to establish a presence with proprietary ...