CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
InfoWorld

IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise

The $5 billion Project Lightwell initiative combines AI systems with 20,000 engineers to deliver validated fixes directly ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

JetBrains open-sources Mellum 2, featuring 12B total parameters

JetBrains has open-sourced Mellum 2, the successor to Mellum, its code completion-focused model that was also released as ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

Florida Python Challenge 2026 dates are set. How 2025 champ scored the win

The dates for the 2026 Florida Python Challenge are set. Here's how last year's winner captured a whopping 60 pythons for the $10,000 grand prize.
The Hacker News

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

PCPJack built a 230-node SMTP relay from hijacked cloud servers, syncing verified proxies every five minutes for scalable ...

Supabase raises $500M as AI coding tools drive ‘phenomenal’ growth

The round comes just eight months after Supabase closed on its Series E and means it has now raised over $1 billion in total ...
InfoWorld

Microsoft’s open-source toolkit for controlling out-of-control AI agents

The Agent Governance Toolkit brings runtime policy enforcement to autonomous agents, targeting the OWASP top 10 agent risks.
Biometric Update

Notre Dame researchers release open-source iris recognition tools built for NIST testing

The work addresses a gap in biometric testing, as NIST’s IREX has focused primarily on closed-source commercial iris ...