VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Redmondmag.com

Supply Chain Attack Hits Microsoft GitHub Repos, AI Coding Tools

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
WINK NEWS

2026 Florida Python Challenge set to begin, hunters primed for action

HOMESTEAD, Fla. (WINK) — The Florida Fish and Wildlife Conservation Commission is set to announce the 2026 Florida Python Challenge. The annual event provides enthusiastic hunters with an opportunity ...
CBS News

U.S. intel community analyzing how Cuba might respond to military action

James LaPorta is the national security coordinating producer for the CBS News' Washington bureau. He is a former U.S. Marine veteran infantryman and veteran of the Afghanistan war. Moderator, "Face ...

AI-built ransomware toolkit automates EDR evasion, AD discovery

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade ...
Microsoft

Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us

A surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red ...
Sporting News

Lakers' Deandre Ayton flexes flashy new 'DominAyton' chain amid playoff struggles

Los Angeles Lakers center dropped a bold flex during the worst time for his team. The Lakers center showed off a custom diamond chain with "DOMINAYTON" inscribed while the team is losing big time in ...
Supply Chain Management Review

Unlocking better negotiation outcomes: How after-action reflections can transform supply chain performance

Editor’s note: This article draws on the authors’ research: Woelfl, K., Ketchen, D. J., & Kaufmann, L. (2024). “A Configurational Perspective on the Quality of ...