Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

I had ChatGPT build me a free PDF editor because I didn't trust it to change my files - it worked!

The smartest way to use AI may not be letting it touch your files, but asking it to write software that handles them safely - ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
CSO Online

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...
XDA Developers on MSN

A poisoned VS Code extension led to a GitHub breach, and Microsoft owns every link in the chain

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

Google blocked the first known AI-powered attack on 2FA accounts; here is how hackers tried to break in, know how to stay safe

Google prevents first known instance of 2FA cyber attack where hackers used AI-developed zero-day exploit; Know how to stay safe ...
Hosted on MSN

Google foils first AI-built zero-day exploit targeting 2FA

Historic AI exploit: Google says hackers used AI to create a zero-day 2FA bypass, marking the first recorded case of AI-built exploit generation in the wild. Attack stopped early: The planned mass ...
cybernews

Python-based VVS Stealer sneaks off with your Discord data

A new Python-based information stealer called VVS Stealer is capable of harvesting Discord credentials and tokens, cybersecurity researchers say. In fact, the stealer seems to have been specifically ...
thecyberexpress

New Polymorphic Malware Undetected by Security Tools

A new polymorphic malware identified by a security researcher earlier this week remains undetected by most security tools. Xavier Mertens wrote about the malware in a SANS blog post on October 8. At ...
Bleeping Computer

From infostealer to full RAT: dissecting the PureRAT attack chain

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...