Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, mor…

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software ...

YouTube killed my comment alerts, so I vibe-coded a fix to get them back - in just 1 hour

YouTube killed my comment alerts, so I vibe-coded a fix to get them back - in just 1 hour ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

AI & Tech Brief: The cybersecurity gold rush

Cybersecurity and tech firms are positioning themselves to capture the exploding market for AI “governance.” Why leading ...

Supply chain attack on LiteLLM: Affected parties should change credentials

An attack on the open-source library for connecting to LLMs has apparently occurred, allowing two compromised packages to ...
VnExpress International on MSN

Vietnamese teen accused of creating malware that infected 94,000 computers worldwide

A 12th-grade student in Thanh Hoa Province has been accused of developing malicious software and selling it to cybercrime ...
The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...
VietNamNet

Vietnam police bust global cybercrime ring run by student coder

A student programmer allegedly developed malware used in a transnational cybercrime operation generating billions of VND.
The Hacker News

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...