The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
InfoQ

GitHub Enhances CodeQL with Declarative Security Modeling for Faster, More Flexible Analysis

GitHub has introduced a significant update to its CodeQL engine, enabling developers to define custom sanitizers and ...
Semiconductor Engineering

Building AI Without Guardrails

The semiconductor ecosystem is wrestling with fragmented standards, IP exposure, and the urgent need for runtime assurance.
Arabian Post

SAP developers face npm supply shock

Malicious code inserted into four SAP-related npm packages exposed developer workstations and automated build systems to credential theft, marking a sharp escalation in attacks against open-source ...

This Company Has Figured Out a Way to Make Face ID Invisible

You can read more about it in our original coverage of the company here, but in short, instead of refracting light through ...
InfoQ

Inside Claude Code Auto Mode: Anthropic’s Autonomous Coding System with Human Approval Gates

Anthropic has introduced auto mode in Claude Code, enabling multi-step software development workflows with reduced manual ...

Meta’s AI scans photos for bone structure to catch underage users on Instagram and Facebook

Meta is using AI visual analysis to scan photos and videos for physical indicators like height and bone structure to detect ...

Kids are bypassing online age checks by drawing fake beards on their face

More platforms are pushing age checks on users across apps, games, and social networks, but kids are already finding ...
The Hacker News

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...

After AI facial recognition led to wrongful accusation, Minnesota lawyer says ‘nationwide reckoning’ due

The attorney for Angela Lipps said information gathered so far indicates the case “should strike fear in every law-abiding ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...