The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...
Decrypt

Fast-Growing Open-Source AI Assistant Is Testing the Limits of Automation—and Safety

An open-source AI assistant is spreading rapidly among developers, even as security researchers warn safeguards have lagged ...

OpenAI spills technical details about how its AI coding agent works

On Friday, OpenAI engineer Michael Bolin published a detailed technical breakdown of how the company’s Codex CLI coding agent ...

MIT’s new ‘recursive’ framework lets LLMs process 10 million tokens without context rot

While standard models suffer from context rot as data grows, MIT’s new Recursive Language Model (RLM) framework treats ...
CSO Online

Misconfigured demo environments are turning into cloud backdoors to the enterprise

Beyond this, Yaffe advised enterprises to “inventory everything” to establish a complete, up-to-date picture of all cloud ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
Security BoulevardOpinion

Clawdbot Is What Happens When AI Gets Root Access: A Security Expert’s Take on Silicon Valley’s Hottest AI Agent

Clawdbot is the viral AI assistant everyone's installing—but giving AI agents full system access raises critical security ...

When AI 'builds a browser,' check the repo before believing the hype

Autonomous agents may generate millions of lines of code, but shipping software is another matter Opinion AI-integrated ...
The Hacker News

Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers

Cloudflare patched an ACME HTTP-01 validation flaw that disabled WAF protections and let unauthorized requests reach origin ...

Does llms.txt matter? We tracked 10 sites to find out

We analyzed llms.txt across 10 websites. Only two saw AI traffic increases — and it wasn't because of the file.
Cryptopolitan on MSN

North Korean hackers hit 3,100+ IPs in AI, crypto, finance job scam

North Korean-linked hackers targeted more than 3,100 IP addresses tied to AI, crypto, and finance firms using fake job ...