Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX ...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

How recruitment fraud turned cloud IAM into a $2 billion attack surface

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI ...
InfoWorld

Vercel revamps AI-powered v0 development platform

Platform has been rebuilt to close the prototype-to-production gap for vibe coding in the enterprise, Vercel said.
Microsoft

Infostealers without borders: macOS, Python stealers, and platform abuse

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...
Dark Reading

Second Round of Critical RCE Bugs in n8n Spikes Corporate Risk

A new around of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal ...
Microsoft

Case study: Securing AI application supply chains

This case study examines how vulnerabilities in AI frameworks and orchestration layers can introduce supply chain risk. Using ...

FOSSA Partners with SCANOSS to Help Organisations Manage AI Coding Risks

Technology partnership equips engineering and legal teams with new capabilities to manage IP risks from AI coding ...
InfoWorld

Apiiro’s Guardian Agent guards against insecure AI code

Application security agent rewrites developer prompts into secure prompts to prevent coding agents from generating vulnerable ...

Plotly Challenges Legacy BI Tools with the New AI-Powered Plotly Studio

Plotly announces major update to AI-native data analytics platform Plotly Studio, turning data into production-ready ...
WinBuzzer

ChatGPT’s Code Execution Containers Gain Bash Support and Multi-Language Code

ChatGPT has quietly gained bash support and multi-language capabilities, enabling users to run commands and install packages in containers without official announcements.