Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group Vulnerabilities in popular AI and ...
Dark Reading

AsyncRAT Malware Infests Orgs via Python & Cloudflare

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade ...

Hackers are now exploiting the safety of open-source apps to sideload malware, and on LinkedIn of all places

The good news is that not clicking on unknown links avoids it entirely.

Python libraries used in top AI and ML tools hacked

The bugs have been fixed, so users should patch now, experts warn.
How-To Geek on MSN

5 VS Code alternatives optimized for specific jobs

Not everything has to be one size fits all; some forks are better for specific projects than others.
The Hacker News

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Researchers found a LinkedIn phishing campaign delivering a remote access trojan via DLL sideloading, WinRAR SFX files, and ...
SecurityWeek

Chainlit Vulnerabilities May Leak Sensitive Information

Vulnerabilities in Chainlit could be exploited without user interaction to exfiltrate environment variables, credentials, ...

10 things I learned from burning myself out with AI coding agents

Like all AI models based on the Transformer architecture, the large language models (LLMs) that underpin today’s coding ...
Dark Reading

Vulnerabilities Threaten to Break Chainlit AI Framework

Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.
Cybernews

LinkedIn DM phishing campaign targets high-value execs with weaponized file downloads

A phishing campaign targeting carefully selected “high-value” corporate employees has been using LinkedIn direct messages to deliver weaponized downloads, highlighting how criminals are shifting away ...