SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
The Hacker News

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject ...
Dark Reading

Flaws in Claude Code Put Developers' Machines at Risk

Three critical security vulnerabilities in Anthropic’s AI-powered coding tool, Claude Code, exposed developers to full machine takeover and credential theft simply by opening a project repository.

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
Business Wire

AI-Generated Code Poses Major Security Risks in Nearly Half of All Development Tasks, Veracode Research Reveals

BURLINGTON, Mass.--(BUSINESS WIRE)--Veracode, a global leader in application risk management, today unveiled its 2025 GenAI Code Security Report, revealing critical security flaws in AI-generated code ...
Wired

Vibe Coding Is the New Open Source—in the Worst Way Possible

Just like you probably don't grow and grind wheat to make flour for your bread, most software developers don't write every line of code in a new project from scratch. Doing so would be extremely slow ...