The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

I've tested so many desktop AI tools, but Hermes with Ollama is my new favorite - here's why

AI isn't everyone's favorite topic these days, and I totally get it. I avoid the most heated issues by using AI only for ...
Security Boulevard

TeamPCP Supply Chain Attack Part 2: LiteLLM PyPI Credential Stealer

Part 1 covered CanisterWorm, the self-spreading npm worm. This post covers the next wave: a malicious LiteLLM PyPI package carrying the most capable credential stealer TeamPCP has deployed yet. To ...
cybernews

Malicious campaign targeting vulnerable OpenWebUI servers: technical analysis

During an investigation into exposed OpenWebUI servers, the Cybernews research team identified a malicious campaign targeting vulnerable OpenWebUI servers with cryptocurrency miners and Info Stealers.
i-scoop.eu

OpenFang: The Agent Operating System

Building autonomous AI agents has, until recently, felt like assembling a fragile house of cards. You stitch together Python libraries, wrestle with dependency conflicts, and cross your fingers that ...
Bleeping Computer

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
WeLiveSecurity

DeceptiveDevelopment targets freelance developers

Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. After all, what better time to strike than when the potential ...