New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Google Chrome is warning developers that WebMCP tools can be used to manipulate and hijack AI agents. New guidance outlines ...

Unofficial script lets you install unreleased Windows 11 features without Microsoft Account0 0

This unofficial script enables users to install and access unreleased Windows 11 features while bypassing the requirement for ...

Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges

A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...