Morning Overview on MSN

Hackers poisoned the PyTorch Lightning AI package and it started stealing credentials the ...

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

10 trillion downloads are crushing open-source repositories - here's what they're doing ...

10 trillion downloads are crushing open-source repositories - here's what they're doing about it ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The ...

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
Tech Times

Floci Tops 10,000 GitHub Stars as Free, MIT-Licensed AWS Emulator Fills LocalStack’s $39 ...

Thousands of software development teams whose CI/CD pipelines depended on LocalStack’s free community edition lost access to ...
The Hacker News

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...
Microsoft

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies.
InfoQ

Accelerating LLM-Driven Developer Productivity at Zoox

Amit Navindgi discusses the systematic shift at Zoox from fragmented documentation to an AI-driven ecosystem. He explains how ...