The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...
Ars Technica

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Morningstar

ADEX Publishes Analysis of XCSSET Malware: Research Details How Active Infection Spreads Silently Through Xcode Projects, GitHub Repositories, and Developer Credentials

LIMASSOL, Cyprus, May 19, 2026 /PRNewswire/ -- The ADEX security team has released a detailed technical case study documenting a live XCSSET infection detected, captured, and analyzed within a client ...
TechCrunch

Pentagon inks deals with Nvidia, Microsoft, and AWS to deploy AI on classified networks

After landing agreements with Google, SpaceX, and OpenAI, the U.S. Defense Department said on Friday that it has signed deals with Nvidia, Microsoft, Amazon Web Services, and Reflection AI that allow ...
Microsoft

Accenture is rolling out Copilot to a workforce the size of Denver. Here’s how they’re doing it.

Deploying Microsoft 365 Copilot to 20,000 employees might sound like a big undertaking, but Accenture was just getting started. The global professional services firm is rolling out Copilot across its ...
CSOonline

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may be behind a spate of recent supply chain attacks. Researchers warn of a new ...
SiliconANGLE

Anthropic launches Claude Design to speed up graphic design projects

The latest addition to Anthropic PBC’s product portfolio is Claude Design, a tool that enables users to generate visual assets with prompts. The company launched the offering into public preview today ...
TechCrunch

Anthropic debuts preview of powerful new AI model Mythos in new cybersecurity initiative

Anthropic on Tuesday released a preview of its new frontier model, Mythos, which it says will be used by a small coterie of partner organizations for cybersecurity work. In a previously leaked memo, ...
SecurityWeek

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The popular Telnyx Python SDK is the latest victim of TeamPCP’s weeks-long supply chain campaign targeting the broad open source software ecosystem. The campaign started on March 19 with Aqua Security ...
Infosecurity-magazine.com

TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise

A widely used Python package with more than 95 million monthly downloads has been compromised with credential-stealing malware, expanding the ongoing supply chain campaign linked to the TeamPCP threat ...