Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack

Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.
CoinDesk

The $293 million KelpDAO hack shows why DeFi is finally being forced to grow up

For protocol founders and security researchers, the incident reinforced a broader shift underway across crypto: DeFi is no longer primarily battling coding bugs. It’s battling complexity.
Hackaday

Hacking Hard Drive Firmware

You probably flash new firmware on a variety of devices regularly, even though that’s rare for non-technical types. But what ...

How Do I Get Started in Cybersecurity?

This guide explores how to get started in cybersecurity, including the skills you should have in your toolkit, what experts ...
Bleeping Computer

TeamPCP hackers advertise Mistral AI code repos for sale

The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. In a post on a hacker forum, the threat actor is asking $25,000 for a set ...
The Hacker NewsOpinion

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Weekly ThreatsDay Bulletin: supply chain attacks, fake support lures, AI tampering, data leaks, ransomware, and exploited ...
Computing

Criminals have already used AI to create a zero-day exploit

Researchers at Google say they have uncovered the first known case of hackers using AI to develop a zero-day cyber exploit.
Live Science

AI self-replication hacks 'no longer purely theoretical,' study finds —‬ ‪but experts say it's too soon to panic

Researchers say AI models can now replicate themselves across vulnerable systems, but experts warn the real threat is not ...