Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Decrypt

Linux Foundation, Tech Giants Launch Akrites to Defend Open Source Against AI-Powered Attacks

Akrites is a coalition of 19 organizations, including every major AI lab and Wall Street banks, built to defend open-source ...
The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
ITWeb Africa

How attackers exploit malicious, vulnerable software libraries to launch stealth attacks

Companies must be capable of detecting malicious DLLs and vulnerabilities in software libraries to prevent early-stage ...
SecurityWeek

FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances

PixelSmash is a vulnerability in the FFmpeg framework that can be exploited via crafted media files for remote code execution ...
The Hacker News

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...