DarkSword exploit, which affects outdated versions of iOS, leaks on GitHub

The exploit is now publicly available on GitHub, increasing the urgency for older iPhones and iPads to run the latest ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
InfoWorld

I ran Qwen3.5 locally instead of Claude Code. Here’s what happened.

You can now run LLMs for software development on consumer-grade PCs. But we’re still a ways off from having Claude at home.

Someone has publicly leaked an exploit kit that can hack millions of iPhones

Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions ...
The Financial Express

Somebody publicly posted an iPhone hack kit that puts millions of you at risk

Once a victim is exposed to a malicious link, the exploit gains filesystem access and exfiltrates data to an ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...

AI Agents Run Experiments While You Sleep, So What Should Knowledge Workers Do?

Karpathy's autoresearch and the cognitive labor displacement thesis converge on the same conclusion: the scientific method is ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Straiker Secures Agents Building Agents

Straiker, the fastest-growing agentic security company, today launched Discover AI and expanded Defend AI to secure coding ...
Onrec

Leveraging Market Signals for Recruitment: The Rise of Sync-First Pipelines

A sync-first pipeline treats each signal as work. You create a ticket with clear fields, route it to the right team, and keep ...