CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

GitHub disables Microsoft repos pushing password-stealing malware

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...
The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...
Amazon S3 on MSN

Why you should never trust random GitHub download links

Tech pro ThioJoe warns why downloading software from random GitHub links can be dangerously misleading and unsafe.
GitHub

Python tools for Visual Studio

Prior to Visual Studio 2017, Python support was released as a standalone extension. We are no longer actively developing these versions, but if you are unable to upgrade to Visual Studio 2017 yet, you ...