Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'

The TrustFall proof-of-concept attack demonstrates how a cloned code repository can include two JSON files (.mcp.json and ...
Security Boulevard

How to Connect Custom AI Agents with Slack

Whether you want simple fire-and-forget alerts or full two-way control, here's how to securely wire your AI agent into Slack.

Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...
SecurityWeek

AI Coding Agents Could Fuel Next Supply Chain Crisis

Researchers demonstrate how attackers can weaponize trusted repositories to hijack AI coding assistants and compromise ...
Communications of the ACMOpinion

Open Source’s Hidden Language Gap

Open-source i18n is not blocked by goodwill; it’s blocked by missing maintainer-safe infrastructure. Language contributors ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Morning Overview on MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply chain attack to weaponize Claude Code and VS Code as persistence vectors

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
InfoQ

Implementing the Sidecar Pattern in Microservices-Based ASP.NET Core Applications

Today's applications require monitoring, logging, configuration, etc. Each of these concerns can be implemented as a ...
Rock Paper Shotgun

Morrowind in Elden Ring mod is now "mostly playable", despite the fact its creator's "entire existence has been consumed with interpreting gibberish code"

After about half a year of major updateless silence, modder InfernoPlus has emerged from the dungeons of Vvardenfell to ...