Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

Discord users breach access controls to reach Anthropic’s Mythos model

Unauthorized access to Anthropic’s Mythos AI highlights growing concerns around safeguarding powerful systems, exposing vulnerabilities not in the model itself but in its surrounding access ecosystem.

Security News This Week: Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos

Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, ...
Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...
Ars Technica

Dad stuck in support nightmare after teen lied about age on Discord

Brady Frey did not realize that his daughter lied about her age when she set up her Discord account. He only found out after her account got hacked and he got trapped in a spiraling support nightmare ...
Wired

The Hack That Exposed Syria’s Sweeping Security Failures

When Syrian government accounts were hijacked in March, the breach looked chaotic. But it revealed something more troubling: a state struggling with the most basic layer of cybersecurity. When a wave ...
WECT

Pro-Iranian group claims credit for hack of FBI Director Kash Patel’s personal account

WASHINGTON (AP) — A pro-Iranian hacking group claimed Friday to have hacked an account of FBI Director Kash Patel and posted online what appear to be years-old photographs of him, along with a work ...