Dark Reading

Hugging Face Packages Weaponized With a Single File Tweak

A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate ...
Threat Post

Critical Vulnerabilities Affect JSON Web Token Libraries

Critical vulnerabilities exist in several JSON Web Token (JWT) libraries – namely the JavaScript and PHP versions – that could let an attacker bypass the verification step. Critical vulnerabilities ...
Morning Overview on MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply chain attack to weaponize Claude Code and VS Code as persistence vectors

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...
SecurityWeek

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

Claude Code vulnerability allows attackers to intercept OAuth tokens, enabling access to connected SaaS platforms and ...
MacStories

Inspecting JSON Files on iOS with Jayson

At any point, you can share the file or the current value alone, and, this being a modern iOS app, you can tap URLs, copy text, or drag and drop content out of Jayson. You can also tap & hold items to ...