Publishing professionals are becoming prime targets for impersonation

An aspiring author receives an email from a “literary agent” expressing enthusiasm about their manuscript. The message is polished, personalized, and professional. The sender references recent bestsellers, adaptation potential, and submission strategy….

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

The attack starts with a GitHub issue. Not a sophisticated one. Just an issue opened by a bot account with a carefully worded body that looks like an error message. When Claude Code’s GitHub Action picks it up for triage, it follows the instructions hi…

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The npm package looked legitimate. It had an active GitHub repository, steady development history, and roughly 29,000 weekly downloads. For developers using OpenAI Codex, it offered exactly what it advertised: a remote web UI for the AI coding tool. Bu…

One click on GitHub.dev is all it takes to hand over your private repositories

Every developer who has ever pressed the period key on a GitHub repository, launching the convenient browser-based VS Code editor known as GitHub.dev, has unknowingly accepted a bargain. In exchange for a lightweight coding environment, GitHub silently…

Hackers brute-forced Dashlane’s two-factor authentication and downloaded encrypted password vaults

Dashlane disclosed on Sunday that an external attacker launched a brute-force attack against its two-factor authentication system, successfully bypassing 2FA protections on fewer than 20 personal plan user accounts and downloading copies of their encry…

Hackers hijacked Instagram accounts by asking Meta’s own AI chatbot to reset the password

Hackers hijacked Instagram accounts over the weekend by tricking Meta’s own AI-powered support chatbot into granting them access. The attack required no access to the victim’s email, no phishing link, and no malware. The hacker simply asked the chatbot…

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

A critical vulnerability in WP Maps Pro, a commercial WordPress plugin with more than 15,000 sales on the Envato Market, is being actively exploited by attackers to create malicious administrator accounts on vulnerable sites. The flaw, tracked as CVE-2…

A GTA V cheat service that promised “enhanced privacy” just got hacked, exposing 64,000 accounts

Atlas Menu, a cheat service for Grand Theft Auto V’s online mode, has been hacked, exposing the personal data of nearly 64,000 users. The stolen data included email addresses, usernames, hashed passwords, IP addresses, and support tickets, according to…

Anthropic is finally giving the EU access to Mythos, ending weeks of standoff over the world’s most powerful cybersecurity AI

Anthropic has agreed to give the European Union’s cybersecurity agency, ENISA, access to Claude Mythos, the AI model that has autonomously discovered more than 10,000 high- and critical-severity zero-day vulnerabilities across every major operating sys…

The people who trained Tesla’s self-driving AI won’t ride in it

Reuters interviewed nine former Tesla data labelers and a former self-driving engineer about their views on Tesla’s Full Self-Driving mode. Seven of the nine data specialists said they would not ride in a Tesla operating on FSD. One said they would not…