The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 ...

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

Databricks acquires cyberattack detection startup Panther

Panther is the third cybersecurity startup that the company has acquired since the start of the year. Databricks previously ...
latesthackingnews.com

LiteLLM Vulnerability Chain: What Security Teams Running AI Gateways Need to Do Now

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...
GitHub

millsymills-com/protonmail-mcp

Requires Go 1.26+ (the toolchain is auto-bumped by go-proton-api master). The Go module path is github.com/millsmillsymills/protonmail-mcp. Build from a clone: git ...
Techzine Europe

As Anthropic claims the enterprise, OpenAI fights back with Ona deal

OpenAI is acquiring Ona, formerly known as Gitpod, a startup that lets AI agents run in cloud-based sandboxes rather than on ...
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
WeLiveSecurity

OceanLotus: From external espionage to domestic targeting

Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations ...
HerZindagi

Still Using 8GB RAM? These Laptop Upgrades Are Worth a Look

GB RAM laptops can get stuck with modern multitasking, heavy workflows, and everyday software demands. We have curated the ...

Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

Microsoft unveils Surface RTX Spark Dev Box for local AI workloads: Everything you need to know

Microsoft has announced the Surface RTX Spark Dev Box, a new compact desktop computer designed specifically for software developers, AI engineers and researchers.