Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

124 Million Unique Passwords Exposed In New Infostealer Log Dataset

A new collection of 124 million unique passwords from hundreds of millions of malware stealer log records has been confirmed ...

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
WeLiveSecurity

EvilTokens: A phishing attack that doesn’t steal your password

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...
Engadget

Dashlane says hackers stole password vaults via a 'brute force attack'

Dashlane, the maker of a password manager of the same name, has shared that several users' password vaults were exposed as part of a "brute force attack." The hackers were able to download copies of ...

The maker of ChatGPT wants to make open-source projects less of a security bargain

As AI tools flood open-source maintainers with low quality bug reports, OpenAI's new Patch the Planet initiative aims to filter out the noise and fix real threats.

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
MacRumors

Apple Passwords Can Now Automatically Fix Weak and Compromised Passwords With Agentic AI

Apple today announced that the Passwords app can now automatically update weak and compromised passwords using Apple Intelligence and Safari to take action on a user's behalf. The feature builds on ...

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.
9to5google

Ultrahuman says recent security breach didn’t affect passwords or credit cards

Ultrahuman’s user database was recently hacked, and the smart ring company says there was “no evidence of misuse.” On March 27, Ultrahuman experienced a security breach that allowed malicious actors ...