Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...
Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
techzine

TeamPCP compromises Python libraries via supply chain attack

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...
Techlomedia

GitHub Investigating Unauthorized Access to Internal Repositories, Says Customer Data Not Impacted

GitHub has confirmed that it is investigating unauthorized access to some of its internal repositories. The company shared ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
BMJ Evidence-Based Medicine

Impact of prompt engineering on large language models for risk of bias assessment: a comparative study

Objectives To evaluate the performance of large language models (LLMs) in risk of bias assessment and to examine whether ...
InfoWorld

Anthropic acquires Stainless to strengthen Claude’s developer tooling

The deal gives Anthropic tighter control over how developers connect Claude to software and business systems as AI vendors ...