Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. In recent months, Microsoft Threat ...
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
Abstract: Code retrieval, which retrieves code snippets based on users' natural language descriptions, is widely used by developers and plays a pivotal role in real-world software development. The ...
GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file ...
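An integer overflow in a model-file parser almost always comes from a length field read from the file being added to a cursor before the sum is compared against the buffer size. The following is an added example, not code from the GGUF disclosure, from llama.cpp or from any project named on this page: it parses the GGUF v2/v3 header layout (magic, u32 version, u64 tensor count, u64 key/value count, then u64-length-prefixed strings) from an in-memory buffer, shows the wrapping bounds check beside a check that cannot wrap, and rejects a constructed file whose key length is 2^64 - 16. The two sample files, the 12-byte-per-entry sanity bound and the "first key only" scope are assumptions made for the example, not details of the disclosed vulnerability.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GGUF_MAGIC 0x46554747u /* the bytes "GGUF" read as a little-endian u32 */

typedef struct { const uint8_t *buf; size_t len; size_t pos; } gguf_reader;

typedef struct {
    uint32_t version;
    uint64_t tensor_count;
    uint64_t kv_count;
    const uint8_t *first_key; /* points into the file buffer, not NUL-terminated */
    size_t first_key_len;
} gguf_header;

/* Fixed-width little-endian reads; pos never exceeds len, so len - pos is the
   number of bytes still available and the comparison cannot wrap. */
static int rd_u32(gguf_reader *r, uint32_t *out) {
    if (r->len - r->pos < 4) return -1;
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)r->buf[r->pos + i] << (8 * i);
    r->pos += 4; *out = v; return 0;
}
static int rd_u64(gguf_reader *r, uint64_t *out) {
    if (r->len - r->pos < 8) return -1;
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v |= (uint64_t)r->buf[r->pos + i] << (8 * i);
    r->pos += 8; *out = v; return 0;
}

/* Overflow-prone pattern (illustrative, not any project's code): adding the
   untrusted length to the cursor wraps, and on a 32-bit size_t the u64 is
   truncated first, so a huge n passes and the following read goes out of bounds. */
int len_check_unsafe(size_t pos, size_t len, uint64_t n) {
    size_t end = pos + (size_t)n;
    return end <= len;
}

/* Hardened: compare n against the bytes remaining; no addition that can wrap,
   and the comparison happens in 64 bits before any narrowing cast. */
int len_check_safe(size_t pos, size_t len, uint64_t n) {
    return pos <= len && n <= (uint64_t)(len - pos);
}

/* gguf_string: u64 byte length followed by that many bytes. */
static int rd_string(gguf_reader *r, const uint8_t **s, size_t *n) {
    uint64_t want;
    if (rd_u64(r, &want) != 0) return -1;
    if (!len_check_safe(r->pos, r->len, want)) return -1;
    *s = r->buf + r->pos;
    *n = (size_t)want;
    r->pos += *n;
    return 0;
}

/* Returns 0 on success, -1 on any malformed or truncated input. Only GGUF v2/v3
   (64-bit counts) is handled; v1 used 32-bit counts and is rejected here. */
int gguf_parse_header(const uint8_t *buf, size_t len, gguf_header *h) {
    gguf_reader r = { buf, len, 0 };
    uint32_t magic;
    if (rd_u32(&r, &magic) != 0 || magic != GGUF_MAGIC) return -1;
    if (rd_u32(&r, &h->version) != 0 || h->version < 2 || h->version > 3) return -1;
    if (rd_u64(&r, &h->tensor_count) != 0) return -1;
    if (rd_u64(&r, &h->kv_count) != 0) return -1;
    /* Sanity bound (assumption for the example): every entry occupies at least
       one byte, so a count larger than the bytes left is dishonest. Rejecting it
       here also keeps a later count * sizeof(entry) allocation from overflowing. */
    size_t remaining = r.len - r.pos;
    if (h->tensor_count > remaining || h->kv_count > remaining) return -1;
    h->first_key = NULL; h->first_key_len = 0;
    if (h->kv_count > 0 && rd_string(&r, &h->first_key, &h->first_key_len) != 0) return -1;
    return 0;
}

/* Constructed sample files for the example; neither is a real model. */
static const uint8_t good_file[] = {
    'G','G','U','F', 3,0,0,0,               /* magic, version 3 */
    0,0,0,0,0,0,0,0,                        /* tensor_count = 0 */
    1,0,0,0,0,0,0,0,                        /* kv_count = 1 */
    20,0,0,0,0,0,0,0,                       /* key length = 20 */
    'g','e','n','e','r','a','l','.','a','r','c','h','i','t','e','c','t','u','r','e',
    8,0,0,0,                                /* value type 8 = string */
    5,0,0,0,0,0,0,0, 'l','l','a','m','a'    /* value "llama" */
};
static const uint8_t evil_file[] = {
    'G','G','U','F', 3,0,0,0,
    0,0,0,0,0,0,0,0,
    1,0,0,0,0,0,0,0,
    0xF0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* key length = 2^64 - 16 */
    'x','x','x','x'
};

int main(void) {
    gguf_header h;
    printf("good: %d\n", gguf_parse_header(good_file, sizeof good_file, &h));
    printf("evil: %d\n", gguf_parse_header(evil_file, sizeof evil_file, &h));
    printf("unsafe check passes: %d, safe check passes: %d\n",
           len_check_unsafe(32, sizeof evil_file, 0xFFFFFFFFFFFFFFF0ULL),
           len_check_safe(32, sizeof evil_file, 0xFFFFFFFFFFFFFFF0ULL));
    return 0;
}
```

The design point is that the length read from the file is never added to anything before it has been compared against `len - pos`; the same rule applies to every later u64 in the format (array counts, tensor dimensions, data offsets), each of which needs its own comparison against what remains rather than a check on the sum.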
A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming ...
GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Abstract: Given the immutability of biometric data, it is imperative to develop a biometric template protection method that guarantees the complete non-disclosure of any original biometric information ...
Code release for the accompanying paper Learning POMDP World Models from Observations with Language-Model Priors. Pinductor uses a large language model as a prior over executable POMDP programs, and ...