The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
The Hacker News

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Critical out-of-bounds read in Ollama before 0.17.1 leaks process memory including API keys from over 300000 servers via ...

10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...
Visual Studio Magazine

VS Code Python Tool Does Multiple Interactive Windows

On Halloween 2018 a developer filed an issue in the GitHub repo for the VS Code Python extension, asking for the ability for users to "spin up multiple 'Python Interactive' windows." In August 2020, ...
TechJuice

Fake OpenAI Repository Deploys Rust-Based Infostealer Malware on Windows Machines

Fake OpenAI Privacy Filter repo hits #1 on Hugging Face with 244K downloads deploying Sefirah infostealer malware.

7 Days: JDownloader got hacked, Chrome downloading 4GB file, and Steam Controller sold out

Our '7 Days' weekly tech roundup brings the juiciest announcements. Read about Edge browser handling passwords in plaintext, JDownloader getting hacked, and the TAB key.
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

Fake OpenAI repository on Hugging Face pushes infostealer malware

A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project ...

MegaConvert.io Launches Free Online File Converter Supporting 500+ Formats in 47 Languages

MegaConvert.io is a free online file converter that supports 500+ format pairs in 47 languages — convert ...

The Real Reason OpenAI Gave Away Symphony for Free

In May 2026, OpenAI released Symphony, a free open-source tool that automates long-running tasks and reduces human ...

Why a 2017 Linux bug is now a major concern for the crypto industry

The “Copy Fail” Linux bug could impact crypto infrastructure that relies on Linux servers, highlighting growing cybersecurity ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.