Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Fireship on MSN

732 bytes of Python just borked every Linux machine on earth

A tiny Python script triggered a major Linux failure in a way that few users would expect. The incident shows how even small ...

AI is finding software bugs faster: Can crypto patch them fast enough?

AI is accelerating software vulnerability discovery, increasing pressure on crypto firms to track CVEs, patch systems faster ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Hosted on MSN

From Karel to picoCTF: You Can Win Your First Python CTF in 2026

The 2026 picoCTF competition has officially expanded with more challenges than ever before, yet the transition from the block-based logic of Karel to the raw Python scripting required for CTFs remains ...
GitHub

The SBOM Transparency v. Exposure Dilemma: A Case Study on Adversarial Access to Public SBOMs in Healthcare

Repository for the paper by Jiarou Deng, Yang Yang (Johns Hopkins University), and Michael Rushanan (Harbor Labs). This repo contains code and artifacts to reproduce the study's analyses of public ...