GovInfoSecurity

Hacking as a Prompt: Malicious LLMs Find Users

The cybercrime-as-a-service model has a new product line, with malicious large language models built without ethical ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for ...
InfoWorld

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.
Bleeping Computer

Script Recovers Event Logs Doctored by NSA Hacking Tool

Security researchers have found a way to reverse the effects of an NSA hacking utility that deletes event logs from compromised machines. Last week, Fox-IT published a Python script that recovers ...
InfoWorld

The Python AI library hack that didn’t hack Python

There are some critical takeaways from the Ultralytics AI Python library hack, but they're not the ones you might expect. Also, 10 tips for making Python faster and a look at uv—the all-in-one Python ...
Ars Technica

Threat or menace? “Autosploit” tool sparks fears of empowered “script kiddies”

The tools used by security researchers, penetration testers, and “red teams” often spark controversy because they package together, and automate, attacks to a degree that make some uncomfortable—and ...