Morning Overview on MSN

GitHub just confirmed hackers broke into its own code through a poisoned coding tool — slipping in on a developer’s laptop without anyone noticing for days

Sometime in early 2025, an attacker slipped malicious code into a Visual Studio Code extension, and a GitHub employee installed it. For several days, that extension ran quietly on the developer’s ...
The Hacker News

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

FortiClient EMS flaw CVE-2026-35616 enabled malware delivery via fake updates, risking credential theft across endpoints.

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

DxSale drained for $7.3M in BNB Chain liquidity exploit

DxSale was hit by a $7.3 million exploit that affected at least 1,400 liquidity providers on the BNB chain, adding to the mounting concerns around the DeFi industry’s cybersecurity.
Cryptopolitan on MSN

Gnosis Safe users lose $3.2M in Base and Ethereum exploit

$3.2M drained from 86 Gnosis Safes on Base and Ethereum in under 2 hours via a vulnerable third-party SquidRouterModule ...