Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

"Copy Fail": Linux root in all major distributions with 732 bytes of Python

The discoverers have named the root vulnerability "Copy Fail". All major distributions since 2017 are affected.
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Live Bitcoin News

The npm Package That Wipes Your Files When You Try to Stop It

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...

OpenAI Launches Daybreak the Same Day Google Confirmed the First AI-Built Zero-Day Attack

On May 11, the same day Google's Threat Intelligence Group disclosed the first confirmed case of attackers using AI to build ...
Dark Reading

Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia

More than 1,600 malicious messages from the China-backed APT group deliver the previously undocumented ABCDoor backdoor and ...
eWeek

GM Swaps Google Assistant for Gemini in 4M Cars

General Motors is rolling out Google's Gemini AI assistant to about 4 million 2022-and-newer Cadillac, Chevrolet, Buick, and ...

Copy fail flaw impacts all Linux kernels released since 2017

Linux users should update their servers now, or face possible attack.
Techlomedia

Linux ‘Copy Fail’ Vulnerability Can Give Root Access on Major Distributions

A new high-severity Linux vulnerability has been disclosed, and it can allow attackers to gain full root access on affected systems. The flaw is tracked ...
winbuzzer.com

OpenAI Details Codex Windows Sandbox Controls

OpenAI has published a technical explanation of its Windows sandbox for Codex, detailing a stricter local setup for the coding agent on developer PCs. Codex can still read broadly across a system, ...

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...
The Hacker NewsOpinion

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Weekly ThreatsDay Bulletin: supply chain attacks, fake support lures, AI tampering, data leaks, ransomware, and exploited ...