Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Hackaday

This Week In Security: Arch AUR, Steam Marketplace, WordPress All Face Issues, Taco-Themed Coding, And Mythos Makes National News

Starting on June 11, 2026, the Arch User Repository (AUR) was targeted by malware which rapidly compromised over 1,500 packages. The AUR repository allows for abandoned community packages to be taken ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
techtimes

Xiaomi MiMo Code Claims to Beat Claude Code: Benchmark Scores Are Self-Reported

Xiaomi released MiMo Code V0.1.0 on June 10, 2026 — a terminal-native coding agent built on a fork of the open-source OpenCode project, bundled with free access to Xiaomi's own 1-trillion-parameter ...
Reuters

Meta repeatedly pushes back new AI model release for developers, WSJ says

June 3 (Reuters) - Meta (META.O), opens new tab has repeatedly pushed back plans to release its new Muse Spark ‌AI model API to developers, and as of Tuesday, had no scheduled launch date, the Wall ...
Wall Street Journal

Meta Keeps Delaying the Release of Its New AI Model to Developers

Meta Platforms META-0.26%decrease; down pointing triangle has delayed plans to release its newest artificial intelligence model to developers multiple times and as of Tuesday didn’t have a planned ...
Forbes

Tesla ‘Model 2’ Takes Shape

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Photo: Christophe Gateau/dpa (Photo by Christophe Gateau/picture alliance via Getty Images) ...
Infosecurity-magazine.com

Malicious Hugging Face Repository Typosquats OpenAI

Security researchers have uncovered covert infostealer malware hidden in one of the top-ranking repositories on Hugging Face, in another example of the dangers posed by the AI supply chain. AI ...
winbuzzer.com

Fake OpenAI Hugging Face OpenAI Repo Pushed Infostealer Malware

A fake OpenAI-branded repository on Hugging Face may have delivered infostealer malware to Windows users. Before the page disappeared, the repository had reached roughly 244K downloads and the ...
CSOonline

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are becoming a new software supply chain attack vector. A malicious Hugging ...
Bleeping Computer

Fake OpenAI repository on Hugging Face pushes infostealer malware

A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing ...