'Please do not vibe f--- up this software': Broken backups spark AI coding row in rsync project

Users probe backup failures find Claude-assisted commits. Veteran engineer retorts: 'I did not just vibe-code 'convert test ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...
InfoWorld

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

Inside the unseen operation to turbocharge Claude Code

Two contractors told Business Insider they earned up to $280 per hour on the ongoing project.
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

OpenSSF Notes Quarter of Growth with New Members, Added AI Security Resources, and Growing Community

The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation focused on sustainably securing open source software, today announced five new members have joined ...

Mythos was the critical trigger for IBM's open-source cybersecurity push, Krishna says

IBM has signed Goldman Sachs, Morgan Stanley, JPMorgan and Bank of America onto its open-source cybersecurity effort called ...
InfoWorld

Microsoft’s open-source toolkit for controlling out-of-control AI agents

The Agent Governance Toolkit brings runtime policy enforcement to autonomous agents, targeting the OWASP top 10 agent risks.

Dev Configs for Windows: From fresh install to IDE in one command

With Microsoft's new Dev Configs, a Windows installation becomes a ready-to-use developer workstation with a single command – ...