Graham Cluley

Smashing Security podcast #471: This AI worm just rewrote its own rules

Researchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it ...

Pittsburgh Taco Festival to return this fall, featuring local entrepreneurs and small businesses

The Pittsburgh Hispanic Development Corp. will showcase entrepreneurs from its business incubator at its tenth annual taco ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
Opinion
Foreign AffairsOpinion

How to Counter Beijing’s Unauthorized “Distillation”

A new front has opened in the U.S.-China competition in artificial intelligence: open-weight, local AI models. Until recently, the most capable AI models were too big and too costly to run anywhere ...

Wing shop files for liquor license at former LaSalsa site in Mountain View

The concept is taking over a former LaSalsa location at San Antonio Road and El Camino Real. Multiple chicken chains are ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

How a USB-connected speaker can infect a PC without ever being touched

CTP allows devices connected via Bluetooth or USB to send commands to the speaker, such as changing LED colors and equalizer ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...