Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...

Chinese APT deploys new malware to keep access to hacked networks

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and ...
The Free Press Journal

Viral IPL Broadcast Trend: Here's How To Create Your AI Video In The Stadium Using Gemini Prompt

As the excitement around the Indian Premier League 2026 season reaches sky-high levels, a new AI-powered trend is taking over social media timelines. From packed stadium visuals to realistic broadcast ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
MobileSyrup

Ontario police using spyware to hack phones, trying to keep it secret

Ontario police have reportedly been using spyware to hack into phones without alerting their users. In a new report, The Toronto Star reveals that Ontario Provincial Police (OPP) and Windsor Police ...
Bleeping Computer

Hackers exploit FortiClient EMS flaw to push infostealer malware

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker ...
PC World

The ’80/20′ ChatGPT prompt is the fastest way to learn anything

We’ve all been there—that moment when you realize you’re in way over your head. For me, it happened during my first briefing with a smart light vendor, when it became painfully obvious that I couldn’t ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
The Verge

Google stopped a zero-day hack that it says was developed with AI

Google researchers found evidence in the exploit’s code that it may have been created using AI, like a ‘hallucinated’ CVSS score. Google researchers found evidence in the exploit’s code that it may ...
Graham Cluley

Smashing Security podcast #470: This AI security flaw might be impossible to fix

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels.