Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, mor…

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software ...

Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

YouTube killed my comment alerts, so I vibe-coded a fix to get them back - in just 1 hour

YouTube killed my comment alerts, so I vibe-coded a fix to get them back - in just 1 hour ...
eWeekOpinion

AI 'Glasswing' Hunts Zero-Days at Warp Speed

Anthropic's new initiative, Project Glasswing, unites a dozen major organizations—including Apple, Google, Microsoft, AWS, ...
eWeek

Luis Millares

Luis Millares has extensive experience reviewing virtual private networks (VPNs), password managers, and other security ...
Microsoft

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...
HealthcareInfoSecurity

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

AI & Tech Brief: The cybersecurity gold rush

Cybersecurity and tech firms are positioning themselves to capture the exploding market for AI “governance.” Why leading ...

Supply chain attack on LiteLLM: Affected parties should change credentials

An attack on the open-source library for connecting to LLMs has apparently occurred, allowing two compromised packages to ...
Global Investigative Journalism Network

Tips for Using AI as Reporting Tool to Uncover Wrongdoing

From fishing quotas in Norway to legislative accountability in California, investigative journalists share practical, ...
Infosecurity Magazine

How Security Leaders Can Safeguard Against Vibe Coding Security Risks

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...
The Hacker News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...