The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...

Sydney Sweeney fires back at 'Euphoria' critics with provocative behind-the-scenes photos

Sydney Sweeney claps back at Euphoria critics with behind-the-scenes photos, writing "it's called... acting" in defense of ...
TMCnet

fal Launches Krea 2 as an Official API Partner, Bringing Krea's First Foundation Image Model to Developers

API partner for Krea 2, the first foundation image model built from scratch by Krea, now available to developers worldwide ...
CNET

Google's Been Quietly Using Your Hard Drive for AI. Here's What to Do About It

Google Chrome could be taking up some extra storage space on your device. Based on reports from earlier this month, the browser has been automatically downloading a 4GB AI model onto some users' hard ...
CSOonline

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are becoming a new software supply chain attack vector. A malicious Hugging ...

Linux vulnerability "Copy Fail" is already being attacked

The Linux "Copy Fail" vulnerability, which grants attackers root privileges, became known before the weekend. It is already ...
CSOonline

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed. PyPI is ...
SiliconANGLE

‘PyStoreRAT’ malware uses fake developer tools on GitHub to infect Windows systems

A new report out today from endpoint security firm Morphisec Inc. details a previously undocumented malware family dubbed “PyStoreRAT” that abuses trusted open-source platforms and Windows scripting ...
Bleeping Computer

Gootloader malware is back with new tricks after 7-month break

The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware. Gootloader is a JavaScript ...