Meet the OpenAI Engineer Leading ChatGPT's Biggest Transformation Yet

Thibault Sottiaux helped make AI coding one of OpenAI’s fastest-growing businesses. Now he’s overseeing a sweeping overhaul ...

Jedify raises $24M to help companies arm AI agents with context on their business

The funding round was led by Norwest, with participation S Capital VC, Cerca Partners, and Oceans Ventures. Snowflake ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
About Amazon

Claude Fable 5 from Anthropic now available on AWS

Anthropic's 5th-generation AI model makes Mythos-level capabilities available to all customers and shows exceptional ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...

Netflix wiz creates app to slash AI bills, then open sources it

As the COOs from both Uber and Microsoft recently learned, encouraging company engineers to use AI aggressively can lead to ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Dark Reading

Google API Keys Remain Active After Deletion

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...