The Hacker News

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

“AI gets the blame”: I break down why Windows 11 update sizes are growing and what the real issues might be

Windows Updates keep getting bigger, and AI is often blamed for the bloat. But while AI is adding some size, it's not quite ...
Decrypt

Hackers Insert Malware Into Mistral AI Software Download

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Cryptopolitan

Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, ...

Apple iOS 26.5 Major New iPhone Software: Should You Upgrade?

Apple has rolled out iOS 26.5, potentially the last major update before iOS 27's preview at WWDC. This crucial release brings ...

Top download manager JDownloader hacked — installers replaced with dangerous malware

Between May 6 and 7, it was dangerous to install JDownloader from alternative links on the site.
InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

7 Days: JDownloader got hacked, Chrome downloading 4GB file, and Steam Controller sold out7 Days: JDownloader got hacked, Chrome downloading 4GB file, and Steam Controller sold ...

Our '7 Days' weekly tech roundup brings the juiciest announcements. Read about Edge browser handling passwords in plaintext, JDownloader getting hacked, and the TAB key.

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...