CrowdStrike and Google take down botnet used by hackers to target open source software developers

Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
CSO Online

Google leaks details for Chromium bug that can turn browsers into bots

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...
Ars Technica

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds.
The Verge

Google stopped a zero-day hack that it says was developed with AI

Google researchers found evidence in the exploit’s code that it may have been created using AI, like a ‘hallucinated’ CVSS score. Google researchers found evidence in the exploit’s code that it may ...
Hosted on MSN

Singapore issues urgent warning after Axios supply chain breach

What happened?: Attackers took over a maintainer account for Axios and published malicious versions to npm, potentially impacting millions of downloads. Why it matters: CSA Singapore warns supply ...
The Hacker News

2026: The Year of AI-Assisted Attacks

On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of ...
TechCrunch

Satya Nadella says he’s ready to ‘exploit’ the new OpenAI deal

Microsoft CEO Satya Nadella was asked point-blank by a Wall Street analyst on Wednesday how its revised OpenAI partnership would impact Microsoft’s financials. He said that the new agreement was a ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
The New York Times

DeepSeek’s Sequel Set to Extend China’s Reach in Open-Source A.I.

Chinese companies have embraced making their most advanced artificial intelligence models available to all. The Chinese start-up DeepSeek shook the industry in January 2025 with its claim that it had ...
CoinDesk

Crypto's massive exploit may force big banks to rethink their blockchain plans, Jefferies warns

A major decentralized finance (DeFi) hack could prompt Wall Street firms to reassess the pace of their blockchain and tokenization efforts, a Jefferies analyst wrote in a report. The note follows a ...
MIT Technology Review

China’s open-source bet

The country’s top AI labs are undercutting US competitors and winning over developers by making their best models free. Silicon Valley AI companies follow a familiar playbook: Keep the secret sauce ...