The popular NPM package ‘is’ has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. […]
US nuclear weapons agency reportedly hacked in SharePoint attacks
Unknown threat actors have reportedly breached the National Nuclear Security Administration’s (NNSA) network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. […]
OpenAI confirms ChatGPT’s new study feature, helps with exams
OpenAI is testing a new ‘Study together’ feature, and today, a new announcement within the ChatGPT web app confirms it. […]
OpenAI prepares Sora 2 to take on Google’s Veo 3
OpenAI has had enough of Google’s Veo 3 dominating generative AI videos and is now working on Sora 2, the successor to Sora. […]
Ukraine arrests suspected admin of XSS Russian hacking forum
The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor’s office. […]
CISA warns of hackers exploiting SysAid vulnerabilities in attacks
CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. […]
OpenAI’s Sam Altman Warns of AI Voice Fraud Crisis in Banking
AI voice clones can impersonate people in a way that Altman said is increasingly “indistinguishable from reality” and will require new methods for verification.
The post OpenAI’s Sam Altman Warns of AI Voice Fraud Crisis in Banking appeared first on SecurityWeek.
npm ‘accidentally’ removes Stylus package, breaks builds and pipelines
npm has taken down all versions of the Stylus library and replaced them with a “security holding” page, breaking pipelines and builds worldwide that rely on the package. […]
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials
The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information.
“The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes’ web addresses and cryptocurrency exchanges,” Akamai security researcher Tomer
Should We Trust AI? Three Approaches to AI Fallibility
Experts unpack the risks of trusting agentic AI, arguing that fallibility, hype, and a lack of transparency demand caution—before automation outpaces our understanding.
The post Should We Trust AI? Three Approaches to AI Fallibility appeared first on SecurityWeek.
