Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

Mini Shai-Hulud worm injects disk wiper into Microsoft Azure PyPI package

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
OS X Daily

How to Prevent Chrome Browser from Downloading 4GB of Local AI Model Files

If you’re a Mac user of the Chrome web browser, as many are, you might be interested to know that the latest versions of ...
The Hacker News

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Critical out-of-bounds read in Ollama before 0.17.1 leaks process memory including API keys from over 300000 servers via ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

Google Chrome may have silently installed 4GB AI model on your computer. Here's how to check

Reporting from May 2026 accurately claimed that Google Chrome silently installed a 4-gigabyte artificial intelligence model ...
WPLG

Local duo stayed in room 305 at hotel near Miami airport ― and cops say they stole packages there

MIAMI SPRINGS, Fla. — Miami Springs police arrested a man and woman on accusations that they stole packages from hotel guests. Officers took Jasmine Castellanos, 30, of Hialeah, and William Thad Page, ...

Is Chrome's 4GB 'weights.bin' file spyware? Google clarifies (Updated)

Chrome is silently downloading 4GB AI model files to your PC. Learn what Gemini Nano "weights" are and how to delete them to reclaim storage.

Linux vulnerability "Copy Fail" is already being attacked

The Linux "Copy Fail" vulnerability, which grants attackers root privileges, became known before the weekend. It is already ...
Morning Overview on MSN

Hackers poisoned the PyTorch Lightning AI package and it started stealing credentials the moment you imported it

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of the PyTorch Lightning package from PyPI triggered a hidden credential ...