Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...
Biometric Companies

Aura breach and AI companion app flaws sharpen privacy fears

A new security report on AI girlfriend and companion apps is drawing added attention because it arrives just as identity protection company Aura is dealing with its own data exposure incident, ...
blockchain

OpenAI Reveals How ChatGPT Now Fights Prompt Injection Attacks

OpenAI details new 'Safe Url' defense system treating AI prompt injection like social engineering, with attacks succeeding 50% of the time before fixes. OpenAI published technical details on March 16 ...
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?
GitHub

coding-agent: avoid command injection when opening OAuth URL

coding-agent currently opens OAuth URLs in the login dialog with an exec() command string. Because the URL is interpolated into a shell command, a crafted URL can break out of quoting and execute ...