Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency.
Versions 1.14.1 and 0.30.4 of Axios have been found to inject “plain-crypto-js” version 4.2.1 as a fake dependency.
According to StepSecurity, the two versions were published using the compromised npm credentials of the primary Axios

The Hacker News

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise 

Researchers found an OpenAI Codex vulnerability that could have been exploited to compromise GitHub tokens.


SecurityWeek

This privacy-first chatbot is taking off – here’s why and how to try it

Users are flocking to Duck.ai. Is it a reaction to increasing concerns about AI companies and privacy? Here’s what you should know.

Latest news

I installed this Arch-based distro my way in under 5 minutes – so can you

Thanks to the Prism Linux installer, I curated exactly the software I wanted and achieved the holy grail of out-of-the-box experiences.

Latest news

AI Agents Are Democratizing Finance but Also Redefining Risk

AI agents are transforming finance, enabling automated trading and payments, but introduce new risks around keys, data inputs and secure execution control.

Hackread – Cybersecurity News, Data Breaches, AI and More

Don’t ignore your desktop PC’s empty M.2 slots – they’re more useful than you think

M.2 slots aren’t just for storage; you can get more use out of your desktop with some initial investment.

Latest news

My favorite smart notebook for to-do lists is currently on sale

The Boox Note Air 5C is an E Ink tablet that acts as a journal, personal planner, note-taker, and more, and you can get a deal on a bundle during Amazon’s Big Spring Sale.

Latest news

AI-Powered ‘DeepLoad’ Malware Steals Credentials, Evades Detection

The massive amount of junk code that hides the malware’s logic from security scans was almost certainly generated by AI, researchers say.

darkreading

What Google’s TurboQuant can and can’t do for AI’s spiraling cost

Google’s real-time quantization could be important for running local AI. Here’s why.

Latest news

OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens

An OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names, using a hidden Unicode command injection flaw.

Hackread – Cybersecurity News, Data Breaches, AI and More