CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
MacStories

Introducing Shortcuts Playground: Create Apple Shortcuts with Claude Code or Codex

Today, I’m pleased to introduce something I’ve been working on for the past six months: Shortcuts Playground, a plugin for Claude Code and Codex that can create any shortcut for Apple’s Shortcuts app ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
PCMag

Your Private Discord Voice and Video Chats Are Now End-to-End Encrypted

E2EE for voice and video started rolling out in March, but Discord has now tied up some loose ends and made it standard ...

How To Mitigate The Microsoft Windows BitLocker YellowKey USB 0-Day

Following the release of a BitLocker zero-day security bypass by a disgruntled hacker, Microsoft has now offered mitigation ...

Anthropic has acquired the dev tools startup used by OpenAI, Google, and Cloudflare

Stainless, a New York-based startup, founded in 2022, rose to prominence in the emerging AI industry for automating the ...
The Hacker NewsOpinion

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Weekly ThreatsDay Bulletin: supply chain attacks, fake support lures, AI tampering, data leaks, ransomware, and exploited ...
CSO Online

ClickFix finds a backup plan in PySoxy proxy chains

ReliaQuest observed attackers pairing ClickFix with the PySoxy proxy tool to establish redundant encrypted access paths and ...
SecurityWeek

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Security Boulevard

How to Connect Custom AI Agents with Slack

Whether you want simple fire-and-forget alerts or full two-way control, here's how to securely wire your AI agent into Slack.
BizTech

How Can Public and Private Key Encryption Protect Private Data?

As part of daily operations, small businesses may need to collect or exchange sensitive data that should be protected. It could be a financial transaction, a mailing address or some other personally ...