The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...

Malicious Chrome Extensions found on Web Store, Over 1 lakh users at risk: Remove now

Security researchers have discovered several malicious Chrome extensions on the official Chrome Web Store that can steal user data and compromise privacy. Some of these extensions are still available ...
Cyber Daily

Hacked: US cyber agency adds six vulnerabilities to known-exploited listing

Microsoft zero-day vulnerability added to KEV Catalog alongside SmarterTools SmarterMail authentication bypass bug and ...

OpenAI spills technical details about how its AI coding agent works

On Friday, OpenAI engineer Michael Bolin published a detailed technical breakdown of how the company’s Codex CLI coding agent ...
The Hacker News

Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

North Korean group Konni uses AI-assisted PowerShell malware and phishing via Google ads and Discord to breach blockchain ...
InfoWorld

16 open source projects transforming AI and machine learning

From fine-tuning open source models to building agentic frameworks on top of them, the open source world is ripe with ...

What to know about a French ex-senator on trial for drugging a lawmaker to sexually assault her

In the wake of the Pelicot trial, France adopted a new law in October 2025 defining rape and other sexual assault as any ...
InfoQ

Google Releases Gemma 3 270M Variant Optimized for Function Calling on Mobile and Edge Devices

FunctionGemma is a new, lightweight version of the Gemma 3 270M model, fine-tuned to translate natural language into structured function and API calls, enabling AI agents to "do more than just talk" ...

Malicious Microsoft AI extensions might have hit over 1.5 million users

Two VSCode extensions are harvesting sensitive data and sending it to China.