GitHub disables Microsoft repos pushing password-stealing malware

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, ...

Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps

The new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or ...
Decrypt

MetaMask Launches AI Agent Wallet With Built-In Security Controls

MetaMask's new self-custodial wallet is designed to let AI agents trade across DeFi while keeping users in control of funds ...
SecurityWeek

OpenAI Rolling Out ChatGPT Account Security Controls

OpenAI is making two ChatGPT security controls more widely available, giving users additional tools to protect their accounts ...
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
Lifehacker

10 Hacks Every Bitwarden User Should Know

Khamosh Pathak is a freelance tech journalist with over 13 years of experience writing online. An accounting graduate, he turned his interest in writing and technology into a career. He holds a ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
Android Police

I switched from 1Password to Android's native credential manager, and here is what I gained and lost

I've been writing about Android since 2011, with a focus on device reviews, Samsung and Google Pixel hardware, and the latest happenings in the ecosystem. In my entire writing career, I've reviewed ...