Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
Hosted on MSN

Microsoft Copilot adds token-saving tips and AI upgrades

Microsoft Copilot’s expanding role is being shaped by both new AI capabilities and strategies to manage usage limits. A 'Token Buffer' method helps users streamline AI interactions, while April ...

What you'll pay for AI agents will be wildly variable and unpredictable

A test of leading AI agents found vastly different amounts of tokens consumed with no transparency and no guarantees of ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
Decrypt

You Installed Hermes. Now Make It Look Better Than ChatGPT or Claude

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...
Morning Overview on MSN

Hackers poisoned the PyTorch Lightning AI package and it started stealing credentials the moment you imported it

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

Nebius acquires AI model optimization startup Eigen AI for $643M

Nebius Group NV, a Dutch operator of artificial intelligence data centers, today announced plans to buy software maker Eigen ...

xAI launches Grok 4.3 at an aggressively low price and a new, fast, powerful voice cloning suite

The launch of Grok 4.3 represents a calculated bet by xAI that the market wants specialized brilliance and extreme cost ...
SecurityWeek

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Over 1,800 developers were likely infected in the Mini Shai-Hulud supply chain attack that hit SAP, Lightning, and Intercom ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Infosecurity Magazine

Deep#Door Python Backdoor Evades Detection On Windows

A stealthy Python-based backdoor framework capable of long-term surveillance and credential theft has been identified ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...