The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...
techxplore

AI and ultralow-energy lasers enable an ultrafast authentication system

The security of modern communications heavily relies on systems that can rapidly and reliably verify users and the devices they are using. This process, known as authentication, essentially entails ...
JD Supra

Privacy under pressure: Challenges in the age of AI

Since its enactment, HIPAA has governed how healthcare organizations, providers, and their business associates (BAs) collect, use, disclose, ...
CSO Online

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...
OSTechNix

Why Startups Need Smarter Authentication Before They Scale

Here's the stage-by-stage framework for choosing the right authentication stack before scale forces your hand.

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

How Apple turned to math to defend against next-gen attacks on encryption

Apple says testing missed flaws in new encryption designed to protect against future attacks from quantum computers, so it ...
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
Biometric Update

China creates digital ID for humanoid robots

The project outlines a governance architecture that treats humanoid robots less like appliances and more like regulated ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Microsoft Is Phasing Out SMS 2FA Codes For Personal Accounts

Microsoft is phasing out SMS 2FA for personal accounts as it pushes users toward passkeys and other passwordless sign-in ...