Bleeping Computer

New Infinity Stealer malware grabs macOS data via ClickFix lures

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. The attack uses the ClickFix ...
PC Magazine

Update Your iPhone Now: 'DarkSword' Leak Puts Millions at Risk of Hacks

The iPhone merely needs to visit the malicious site via Apple’s Safari browser. When the exploit was first disclosed, security researchers had only identified a few shadowy groups and surveillance ...
IEEE

DrainCode: Stealthy Energy Consumption Attacks on Retrieval-Augmented Code Generation via Context Poisoning

Abstract: Large language models (LLMs) have demonstrated impressive capabilities in code generation, by leveraging retrieval-augmented generation (RAG) methods. However, the computational costs ...
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, ...
TechCrunch

Anthropic hands Claude Code more control, but keeps it on a leash

For developers using AI, “vibe coding” right now comes down to babysitting every action or risking letting the model run unchecked. Anthropic says its latest update to Claude aims to eliminate that ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python ...
kcra.com

Man in Michigan synagogue attack lost family members in Israeli airstrike in Lebanon, official says

A week before he armed himself with a rifle and rammed a vehicle into a synagogue outside Detroit, Lebanese-born Ayman Mohammad Ghazali learned that four family members had been killed by an Israeli ...
kcra.com

Old Dominion shooter convicted of Islamic State group ties freed from prison 2 years before attack

Court documents show less than two years after Mohamed Bailor Jalloh was released from prison for attempting to aid the Islamic State, he opened fire in a classroom at Virginia's Old Dominion ...
CBS News

Iran says major U.S. tech firms are targets in the Middle East, with drone and cyberattacks already underway

Iran has listed a number of major U.S. tech companies as potential targets as it expands its attacks across the Middle East in retaliation for the ongoing U.S. and Israeli attacks on its military and ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...