Decrypt

Hackers Insert Malware Into Mistral AI Software Download

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...
The Hacker News

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
TMCnet

Belarus-aligned FrostyNeighbor attacks Ukrainian government, again - ESET Research discovers

This latest ESET Research report documents new activity observed that started in March 2026, showing continued evolution of tooling and compromise chains. The group primarily targets governmental, ...
The Caledonian-Record

Qoder Version 1.0 Released: Full Automation of Code Generation, Verification & Delivery

Qoder officially releases version 1.0, upgrading from an AI IDE to an Autonomous Development Desktop. The new version enables autonomous execution of code ...
Decrypt

Fake OpenAI Repo Hit #1 on Hugging Face—And Stole Passwords While It Trended

A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...
InfoWorld

Hands-on with React, Supabase, and PowerSync

If you are building a simple dashboard or a form-based application, the traditional JSON API (REST or GraphQL) approach is ...

Chrome: How private is local AI in Google's browser?

Current version of the browser contains a local AI model that will not only download data in the future but also be allowed ...
Dark Reading

'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine

A known Belarussian cyber-espionage group is back with a threat campaign against targets in Eastern Europe that uses spear-phishing to deliver malicious payloads to Eastern European government and ...
CSO Online

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to ...
Winona Daily News

Winona man gets 17 years for attempted homicide at George's Lounge

Winona resident Damien Winn sentenced to 17 years in prison for attempted homicide and firearm possession charges in Buffalo ...
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...