CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
XDA Developers on MSN

I built a Python utility using Claude to automate my image editing workflow, and it saves me hours every week

Vibe-coding your problems away doesn't get easier than this ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Pen Test Partners

ClickFix, CrashFix and the growing family of copy and paste attacks

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

Not a whistleblower, just a student asking why lakhs were affected

Eighteen-year-old Sarthak Siddhant, a student, used basic tools to look closely at CBSE's new on-screen marking system. He ...
OfficeChai

Google Releases Magenta RealTime 2 For On-Device Live Music Synthesis

Google’s Gemma series continues to throw up all kinds of interesting models. The latest is Magenta RealTime 2 (MRT2), an open-weights model ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Al Jazeera English

‘A paper city’: New York ‘library’ hosts 3.5 million pages of Epstein files

A mile from the Manhattan jail where convicted sex offender Jeffrey Epstein was found dead in 2019, an unassuming Tribeca gallery at 101 Reade Street has been transformed into a physical archive of ...
The Grand Junction Daily Sentinel

Library opens to house all 3,500,000 pages of the Epstein Files

The installation is built around a tribute to the survivors and victims of Epstein's crimes, and features a timeline that documents the crimes, accusations, legal proceedings, and intersections ...
moneycontrol.com

Google Chrome downloads a 4GB AI file on your device without notice: How to stop it and delete the file

Google Chrome has reportedly been downloading a hidden 4GB artificial intelligence (AI) model file on some users’ devices without clearly informing them. The file, called weights.bin, is linked to ...