Bleeping Computer

Fake OpenAI repository on Hugging Face pushes infostealer malware

A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing ...
GitHub

Google AI Mode Skill

Transform your LLM's online research capabilities by connecting Claude Code directly to Google's AI Mode—getting AI-synthesized answers from 100+ sources instead of scattered search results. "Next.js ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package ...
Bleeping Computer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...
GitHub

Bhanunamikaze/Agentic-SEO-Skill

The README only highlights the scripts most users reach for first. See the full 89-script list with purpose notes in the Script Inventory wiki. generate_report.py Self-contained browser dashboard for ...