16 May, 2026

Claude Code source code accidentally leaked in NPM package

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but that no customer data or credentials were exposed. While Anthropic pledges support to the open-source community, Claude Code has always remained closed source, or at least it did until today, when an update accidentally included internal source code. […]

CISA: New Langflow flaw actively exploited to hijack AI workflows

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. The security issue received a critical score of 9.3 out of 10 and can be leveraged for remote code execution, allowing threat actors to build public flows without authentication. […]

GitHub adds AI-powered bug detection to expand security coverage

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. The developer collaboration platform says that the move is meant to uncover security issues “in areas that are difficult to support with traditional static analysis alone.” CodeQL will continue to provide deep semantic analysis […]

Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. Because the web app is hosted on a legitimate platform, email security solutions do not flag the link as a potential threat, allowing users to access the page. Security researchers […]

OpenAI rolls out ChatGPT Library to store your personal files

OpenAI is rolling out a new feature called ‘Library’ for ChatGPT, which allows you to store your personal files or images on OpenAI’s cloud storage. OpenAI says ChatGPT Library requires a Plus, Pro, or Business subscription. It’s rolling out to customers across the world except the European Economic Area, Switzerland, and the United Kingdom. I refreshed the ChatGPT […]

Musician admits to $10M streaming royalty fraud using AI bots

North Carolina musician Michael Smith has pleaded guilty to collecting over $10 million in royalty payments through a massive streaming royalty fraud scheme on Spotify, Apple Music, Amazon Music, and YouTube Music. 54-year-old Smith bought hundreds of thousands of songs generated using artificial intelligence (AI) from an accomplice, uploaded them to these streaming platforms, and […]

New font-rendering trick hides malicious commands from AI tools

A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. The technique relies on social engineering to persuade users to run a malicious command displayed on a webpage, while keeping it encoded in the underlying HTML so AI assistants cannot analyze it. Researchers at […]

Microsoft stops force-installing the Microsoft 365 Copilot app

Microsoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices that have the Microsoft 365 desktop client apps. The Microsoft 365 Copilot app integrates the AI-powered Copilot assistant with Microsoft 365 suite apps, including Word, Excel, and PowerPoint, as well as other features like AI agents and Notebooks. The forced rollout began […]

OpenAI says ChatGPT ads are not rolling out globally for now

OpenAI told GeekFeed that ChatGPT ads are not yet rolling out outside the US, even though some users noticed references to ads in the updated privacy policy. On Reddit, some users pointed out that the updated privacy policy mentions ads, which led to speculation that ChatGPT ads were expanding globally, even for users outside the US. […]

AI-generated Slopoly malware used in Interlock ransomware attack

A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack. The breach started with a ClickFix ruse, and in later stages of the attack, the hackers deployed the Slopoly backdoor as […]
