The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
The Hacker News

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three vulnerabilities in Anthropic’s MCP Git server allow prompt injection attacks that can read or delete files and, in some ...
CSO Online

Flaws in Chainlit AI dev framework expose servers to compromise

Security researchers uncovered two vulnerabilities in the popular Python-based AI app building tool that could allow ...

MCP shipped without authentication. Clawdbot shows why that's a problem.

Knostic found 1,862 MCP servers exposed with zero authentication. Here are five actions CISOs should take now.

WhatsApp Web malware spreads banking trojan automatically

New WhatsApp Web attack spreads self-propagating ZIP files containing Astaroth banking malware through trusted conversations.
XDA Developers on MSN

This NAS wouldn't give me SSH access, so I hacked into it instead

It's a great NAS with great hardware, but the lack of SSH access is frustrating.

Hackers are now exploiting the safety of open-source apps to sideload malware, and on LinkedIn of all places

The good news is that not clicking on unknown links avoids it entirely.
Dark Reading

Vulnerabilities Threaten to Break Chainlit AI Framework

Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.
How-To Geek on MSN

PyCharm IDE for Python development just got a big update

PyCharm and Google Colab are finally joining forces.
eWeek

What Is Clawdbot? The Viral Self-Hosted AI Assistant Taking Over X

Clawdbot is a viral, self-hosted AI agent that builds its own tools and remembers everything—but its autonomy raises serious ...