GitHub disables Microsoft repos pushing password-stealing malware

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, ...
PCMag

iOS 27 Uses AI to Automatically Fix Weak Passwords for You

The Passwords app will use Apple Intelligence and Safari to sign in to your online accounts and change weak or compromised ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

iOS 27’s Passwords app can change your passwords for you, automatically

Apple has unveiled a new iOS 27 feature for the Passwords app: an AI capability that can automatically change your passwords ...
Martin Cid Magazine

GlassWorm hid invisible code in VS Code extensions for a year before its takedown

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...
Arabian Post

InvisibleFerret shift raises developer risks

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...
badgerswire.usatoday

Florida Python Challenge 2026 dates are set. How 2025 champ scored the win

The dates for the 2026 Florida Python Challenge – the annual 10-day hunt for invasive Burmese pythons – were announced today, May 19, with registration now open. The 2026 python hunt will run from ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.