SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...
New York Magazine on MSN

The AI-Powered Hacking Spree Is Here

It turns out AI-coding tools are useful to criminals, too.

CarGurus data breach exposes information of 12.4 million accounts

The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from ...

Microsoft deleted a blog promoting AI trained on pirated Harry Potter books

Microsoft’s deleted Harry Potter AI blog highlights the messy ethics of training large language models on pirated content.

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...