The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Decrypt

You Installed Hermes. Now Make It Look Better Than ChatGPT or Claude

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

Usage-based pricing killing your vibe - here's how to roll your own local AI coding agents

With model devs pushing more aggressive rate limits, raising prices, or even abandoning subscriptions for usage-based pricing ...

CollectivIQ Announces Major Platform Upgrades To Solve AI Hallucination and Bias; Enhancements Drive Accurate Results, Broader Collaboration, And Improved Output

CollectivIQ, the world's first AI consensus platform for business intelligence, today announced a major expansion of its platform to help companies drive meaningful AI value. The platform ...

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
WeLiveSecurity

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...
Arabian Post

AI commit opens crypto wallet risk

A malicious npm dependency slipped into an AI-assisted crypto trading project has exposed how automated coding tools can be manipulated into importing software that steals credentials, wallet data and ...

Why OpenAI's 'goblin' problem matters — and how you can release the goblins on your own

If OpenAI can accidentally train its flagship model to obsess over goblins, what other more subtle and potentially harmful ...

The Onion’s bid to take over Alex Jones’ Infowars is in limbo as new court battles emerge

The Onion's plan to transform Alex Jones' Infowars platforms into parody sites are in limbo again. New legal filings by Jones ...
Security Boulevard

How Escape AI Pentesting Exploited SSRF in LiteLLM

The post How Escape AI Pentesting Exploited SSRF in LiteLLM appeared first on Escape – Application Security & Offensive ...