CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

Exclusive: MotherDuck adds agentic data ingestion to its cloud analytics service

MotherDuck Corp., the maker of a cloud-native data warehouse based on the open-source DuckDB analytical engine, is betting ...
Tech Times

AI Agent Discovery Gets Open DNS Standard: DNS-AID Launches Under Linux Foundation

AID, launched under the Linux Foundation, lets AI agents find each other through existing DNS infrastructure using SVCB ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Tech Times

Pluto.jl Reaches 1.0: Julia’s Reactive Notebook Now Production-Ready for Research

Julia reactive notebook Pluto.jl reached version 1.0 on May 27, ending six years of development with a stable API commitment.
MUO on MSN

5 package managers that work on Windows, Mac, and Linux

If reinstalling software feels repetitive, these tools have some ideas.
XDA Developers on MSN

Two old GPUs I salvaged are doing more AI work than a brand new $2000 card, and I won't be upgrading anytime soon

I built a local AI setup out of two old GPUs that sell for cheap, and it beats a single new card ...

Netflix wiz creates app to slash AI bills, then open sources it

As the COOs from both Uber and Microsoft recently learned, encouraging company engineers to use AI aggressively can lead to ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...
The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...
CIO

DocLang aims to make documents readable by AI, not humans

Development of the AI-native DocLang document format raises questions about its impact on human workers, as well as on governance and accountability.
The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...