JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

ShinyHunters Extorts Universities in New Instructure Canvas Hack

ShinyHunters-linked attackers defaced Canvas portals, disrupting finals week access and exposing SaaS security risks for ...

Who Is ShinyHunters? Hacker Group Claiming Canvas, Vimeo, Pornhub Attacks

The group has also been linked with attacks on Ticketmaster, Rockstar Games, Salesforce, and Australian flag carrier Qantas.
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
SecurityWeek

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

The PCPJack worm targets cloud environments and vulnerable web applications to remove TeamPCP infections and steal ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web

Companies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds—and in thousands of cases ...
InfoWorld

Building AI apps and agents with Microsoft Foundry

Microsoft’s Azure-based AI development and deployment platform shines with a strong selection of models and agent types and ...
Security Boulevard

5 Capabilities of Workload Access Managers – And Why WAM Isn’t WIM

Legacy IAM can't govern autonomous AI agents that spin up, execute and terminate in seconds. New identity patterns are now emerging. The post 5 Capabilities of Workload Access Managers – And Why WAM ...
Decrypt

You Installed Hermes. Now Make It Look Better Than ChatGPT or Claude

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...