The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
XDA Developers on MSN

Your Claude code limits are hidden until they're not, and this script surfaces them on every message

Peek-a-boo, there go your limits ...

Python dev saved from disaster by intuition... and AI

Python developer Roman Imankulov nearly took the bait. The fact that he didn't can be chalked up to human intuition and AI ...

AI Wrote Your Code. Did Anyone Actually Check It? Here’s the Verification Problem Most Companies Aren’t Prepared For.

AI is generating code faster than humans can ever hope to verify. If your QA strategy hasn't evolved to match the speed of AI ...

Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher

The outside researchers reportedly fed Anthropic’s Fable 5, Mythos, and Claude Opus models open-source code containing known ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

Trump flips script on left, maneuvers to use foreign influence law against them

Trump aims to use FARA and other legal tools against alleged foreign influence on the left after years of probes targeting ...
techtimes

OpenAI Codex Automation Gains Record and Replay: Show It Once, Skip the Script

OpenAI has added a feature to its Codex macOS app that changes the barrier to AI-powered automation: instead of writing a prompt or configuring a workflow, a user performs a task while Codex watches, ...

Researchers claim Microsoft's quantum breakthrough is flawed by basic Python errors

Microsoft's 2029 quantum supercomputer ambitions may have hit a roadblock, as critics claim the company's 2025 quantum ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit approval from July 2026.
Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...