Researcher cereblab, testing [xAI's Grok Build coding CLI](https://thehackernews.com/2026/07/grok-build-uploads-entire-git.html) at version 0.2.93, captured network traffic and found the tool was uplo
Users discovered that xAI's Grok CLI tool was [uploading their entire home directory](https://twitter.com/i/status/2076598897779020159) to xAI-controlled Google Cloud Storage buckets — without explici
Malicious packages impersonating official SDKs for [Paysafe, Skrill, and Neteller](https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/) were publ
Researchers have identified 108 malicious packages and browser extensions planted across npm, Packagist, Go modules, and the Google Chrome Web Store as part of an ongoing supply chain campaign dubbed
Researchers at JFrog have identified a fresh wave of malicious npm packages linked to North Korean threat actors that impersonate legitimate Rollup polyfill tooling. The packages — `rollup-packages-po
Security researchers at Island have identified that **Adblock for YouTube** — a Chrome extension with over 10 million installs (extension ID: `cmedhionkhpnakcndndgjdbohmhepckk`) — contains the ability
Two moves defined Monday — Apple rewired its entire AI stack at WWDC while OpenAI quietly filed its S-1 with the SEC, two companies approaching the same destination — AI platform dominance — from radi
Security researchers at OX Security have [identified a malicious package on the npm registry](https://thehackernews.com/2026/05/malicious-npm-package-stole-files-from.html) named **`mouse5212-super-fo