The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
CSO Online

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
Microsoft

CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across ...

Microsoft Defender is investigating a high-severity local privilege escalation vulnerability (CVE-2026-31431) affecting multiple major Linux distributions including Red Hat, SUSE, Ubuntu, and AWS ...
IT News For Australia Business

'Copy Fail' Linux privesc bug lay dormant in kernel since 2017

A logic flaw sitting undetected in the Linux kernel for nearly nine years lets any unprivileged local user gain root access on virtually every mainstream Linux distribution shipped since 2017, ...
theregister

Linux cryptographic code flaw offers fast route to root

Developers of major Linux distributions have begun shipping patches to address a local privilege escalation (LPE) vulnerability arising from a logic flaw. The newly disclosed LPE, dubbed Copy Fail ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of ...
theregister

Oracle unveils Project Detroit for faster Java interop with JavaScript and Python

JAVAONE Oracle has shipped Java 26, a short-term release, and introduced Project Detroit, which promises faster interop between Java, JavaScript, and Python. Java 26 will be supported for just six ...
BGR

You Can Turn Your Raspberry Pi Into A Local AI Agent - Here's How

We may receive a commission on purchases made from links. Marzulli's main goal was a simple one, at least on paper: nothing leaves the Raspberry Pi. That literally means he didn't want any AI ...
Ubuntu

Starship Prompt: Customize Your Linux Shell with Ease

Are you still using the default, slow and uninspiring terminal prompt? Don't be. Say hello to Starship, the minimal, blazing-fast, and infinitely customisable prompt for any shell. Starship is not ...