New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
MIT Technology Review

The Meta hack shows there’s more to AI security than Mythos

Gong and other scholars have been issuing warnings about the security vulnerabilities of AI agents for a while. They publish ...
Tech Times

Agentic AI Security Alarm at Infosecurity Europe: Free LLM Now Powers Adaptive Worm

Agentic AI security dominated Infosecurity Europe 2026 as Toronto researchers proved a free open-weight AI worm can ...
Tech Xplore

AI worm adapts across networks, turning any online device into potential target

A team of researchers at the University of Toronto has discovered a new class of cyberthreat that gives hackers more power ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

Researchers show how AI-powered worms could wreak havoc on the internet

We've seen how AI can be used to find flaws in apps and websites, but researchers have now demonstrated how it could be ...

Scientists Find Way to Supercharge Dangerous Computer ‘Worms’ With A.I.

Researchers at the University of Toronto showed how hackers could use artificial intelligence to create a program that could ...
The Hacker News

âš¡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...

Error in Docker Model Runner allows sandbox escape on macOS

A security update closes a malicious code vulnerability in Docker for macOS. If attackers successfully exploit a security ...
Tech Times

llama.cpp GGUF Parser Flaws: Critical Integer Overflow Enables Arbitrary Reads in Every Local AI Stack

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.