OpenSSF Notes Quarter of Growth with New Members, Added AI Security Resources, and Growing ...

The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation focused on sustainably ...

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

I found a Gemini feature so good, I stopped using everything else

Parth is a technology analyst and writer specializing in the comprehensive review and feature exploration of the Android ...

Claude Mythos Previewは深刻度「高」以上と推定される脆弱性候補を6202件発見、日本の銀行でも利用に向けた動きが進む高性能AIの初期レポートが公開される

ソフトウェアの脆弱(ぜいじゃく)性を探す作業はこれまで、専門知識を持つセキュリティ研究者がコードを読み、問題が本当に悪用可能かどうかを検証するという時間のかかる作業でした。しかし、Anthropicが開発した高性能AI「Claude Mythos Preview」は、脆弱性の発見だけでなく実際に悪用できるかどうかの検証まで高い精度で行えるとされています。Claude Mythos Previewの ...
InfoWorld

Taming the generative AI back end

Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind ...
CSO Online

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
Design News

CU Boulder Researchers Launch OpenVCAD, a Tool for Multi-Material 3D Printing

The future of 3D printing includes multi-material design, and it just got a major upgrade. Researchers at the University of ...
MacStories

Introducing Shortcuts Playground: Create Apple Shortcuts with Claude Code or Codex

Today, I’m pleased to introduce something I’ve been working on for the past six months: Shortcuts Playground, a plugin for ...
ギズモード・ジャパン

Google、AIを悪用したゼロデイ攻撃の証拠を発見

AIがハッキングに使われる時代に。Google Threat Intelligence Group(脅威インテリジェンスグループ:GTIG)は先日、AIを使ってゼロデイ脆弱性を発見したとみられるサイバー犯罪グループを初めて特定したと発表しま ...
The Hacker News

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

A new imaging approach captures brain activity across nine cell types at once

Scientists at the Max Planck Florida Institute for Neuroscience (MPFI), in collaboration with ZEISS and MetaCell, have ...