The Hacker News

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

OpenAI Codex is coming to mobile so you can build apps on the go

OpenAI just turned ChatGPT into a mobile hub for Codex, letting developers manage AI coding tasks right from their phones.

OpenAI is bringing in the mighty Codex tool to the ChatGPT app on your phone

OpenAI has added its Codex coding agent to the ChatGPT mobile app on iOS and Android, letting users manage coding tasks ...

OpenAI brings its Codex coding app to mobile

Since debuting last spring, OpenAI's Codex coding app has seen standalone Mac and Windows releases, so it was only a matter ...
Tech Advisor on MSN

Video face swap AI in 2026: How to choose the right tool for your scene, hardware, and patience level

Video face swap with VidMage Try It Now A few years ago, swapping a face in a video meant either academic Python scripts ...
Decrypt

Hackers Insert Malware Into Mistral AI Software Download

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...
SecurityWeek

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...