GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...
makeuseof

Your Windows 11 drive is probably encrypted right now — here's where Microsoft hid the key

Rob LeFebvre is an editor and writer focusing on consumer and enterprise technologies for a broad range of outlets. He’s been writing online for more than 15 years; before that he was a special ...
The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

I've reviewed every PDF editor out there - then I had ChatGPT build me a better one

I've reviewed every PDF editor out there - then I had ChatGPT build me a better one ...
Memeburn

Claude Code Auto Mode could make AI coding feel far less annoying

Claude Code Auto Mode introduces a new way for Anthropic’s coding assistant to reduce repetitive approval prompts during multi-step coding workflows. The feature could make AI coding tools feel more ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
Rochester Institute of Technology

Students tackle OpenSSL issues to help keep the internet encrypted

As part of a cybersecurity course, RIT students are helping ensure that internet communications stay secure. For three semesters, students have been patching issues with OpenSSL—a free and open-source ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...