PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
CoinDesk

Why DeFi isn't dead despite massive exploits and $13 billion investor exodus

A $292 million exploit and $13 billion TVL drop looks catastrophic on the surface, but the data tells a different story.
KQED

After a Potential Mythos Breach, Why Do Developers Use Such Powerful AI Models?

AI firm Anthropic is investigating a potential breach of its new model, Mythos. But developers say that developing such ...

A secretive AI hacking system has sparked a global scramble

Anthropic’s Mythos AI is rattling Washington, prompting the Trump administration to try to confront its cybersecurity risks.
The Hacker News

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.