The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

MCP shipped without authentication. Clawdbot shows why that's a problem.

Knostic found 1,862 MCP servers exposed with zero authentication. Here are five actions CISOs should take now.
eWeek

What Is Clawdbot? The Viral Self-Hosted AI Assistant Taking Over X

Clawdbot is a viral, self-hosted AI agent that builds its own tools and remembers everything—but its autonomy raises serious security risks.
Infosecurity Magazine

Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core

A critical sandbox escape vulnerability in Grist-Core has been disclosed that allows remote code execution (RCE) through a ...
WinBuzzer

ChatGPT Containers Gain Bash Support and Multi-Language Code

ChatGPT has quietly gained bash support and multi-language capabilities, enabling users to run commands and install packages in containers without official announcements.
Analytics Insight

Best AI Tools to Summarize PDFs Quickly for Faster Reading and Better Understanding

Overview PDF files are an integral part of professional and academic work.Long documents make it difficult to research and ...