The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching ...
eWeek

Google AI Studio Cheat Sheet: Features, Pricing, and More

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...
cybernews

AI platform Dify, with 10 million installs, exposes users to one-click account takeover

Dify, a popular low-code AI application development platform with over 142,000 stars on GitHub, was found to contain critical vulnerabilities that allowed a one-click account takeover. Imperva ...
CNET

If You Use Google Chrome, Your Device May Have Secretly Downloaded a 4GB AI Model

Google Chrome could be taking up some extra storage space on your device. Based on reports from earlier this month, the ...

Understanding Tor: Anonymous Browsing, Usage, and Legal Aspects

Discover Tor, a privacy network for anonymous browsing. Learn how it's used, its legality, and who benefits from it, ...
GitHub

External JavaScript for yt-dlp supporting many runtimes

The project provides lockfiles for every supported package manager. If you only have Python and a JS runtime, then you may instead run ./hatch_build.py. This will transparently invoke one of the ...