InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

OpenAI's New Daybreak Platform Uses GPT-5.5 to Find Software Vulnerabilities

OpenAI today launched Daybreak, an answer to Anthropic's Project Glasswing initiative and Mythos AI model. Like Glasswing, ...

Why a 2017 Linux bug is now a major concern for the crypto industry

The “Copy Fail” Linux bug could impact crypto infrastructure that relies on Linux servers, highlighting growing cybersecurity ...
CSO Online

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
cybernews

Google catches “first AI-assisted zero-day” as well as autonomous Android malware

Google threat intelligence claims to have identified the first known case of cyber attackers using AI to help develop a zero-day exploit. Elsewhere, LLMs are being used to hide malware and create ...
InfoWorld

Python and WebAssembly? Here’s how to make it work

Here’s how to safely replace packages like smtpd, cgi, msilib, and more. Django 5.2 release touts automatic model importing—and phases out earlier 5.x editions The newest Django has more than new ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

Instructure confirms hackers used Canvas flaw to deface portals

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login ...

Daybreak is OpenAI's response to Anthropic's Claude Mythos

OpenAI has just launched Daybreak, a cybersecurity initiative that's clearly the company's competitor to Anthropic's Project ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...