SecurityWeek

TeamPCP Moves From OSS to AWS Environments

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

H33 Launches HICS for Free: The First Trust-less Software Scoring Tool with Post Quantum Cryptographic Proof

Free cryptographically verified code quality scoring for software procurement. The best software wins. Not the best ...
SecurityWeek

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

When researchers found an obfuscated token while examining the relationship between OpenAI Codex and GitHub, they took notice ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
GovInfoSecurity

OpenAI's Coding Agent Flaw Exposed GitHub Passwords

Security researchers at BeyondTrust Phantom Labs discovered a critical flaw in OpenAI's Codex coding agent that allowed an ...
CSO Online

OpenAI patches twin leaks as Codex slips and ChatGPT spills

Command injection in Codex and a hidden outbound channel in ChatGPT exposed risks of credential theft and covert data ...
Microsoft

WhatsApp malware campaign delivers VBS payloads and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...