The Hacker News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.
Microsoft

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...
The Next Web

Meta freezes AI data work after breach puts training secrets at risk

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

The invisible risk: Can you really trust your ‘private’ AI assistant to keep your secrets?

Research by Israeli cybersecurity company Check Point found a weakness in ChatGPT’s system that could allow someone to ...

AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack

AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the ...
Security Boulevard

Anthropic Claude Code Leak

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks': Google says North Korean hackers behind major attack on Axi…

Google Threat Intelligence Group warns of active supply chain attack on npm’s Axios library Malicious dependency ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
Cybernews

North Korean hackers behind axios critical supply chain attack, Google says

According to Google researchers, a North Korean group tracked as UNC1069 has previously targeted cryptocurrency and ...
SDxCentral

Google Vertex agentic flaw latest chink in hyperscale AI armor

The stolen credentials also granted access to the Google Cloud storage buckets within the tenant project in which a Vertex ...
Arabian Post

Telnyx package breach jolts Python supply chains

Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...