The Hacker News

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

RoguePilot flaw let GitHub Copilot leak GITHUB_TOKEN, while new studies expose LLM side channels, ShadowLogic backdoors, and promptware risks.

AI-Generated Passwords Are Apparently Quite Easy to Crack

To determine the capability of popular AI models to act as your password generator, Irregular asked Claude, ChatGPT, and Gemini to generate 16-character, secure passwords that include special ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

An AI agent nuked 200 emails. This guardrail stops the next disaster

There is a way to let AI agents organize your email, manage your files, and perform other magical tasks without nuking your data. Just ask a coder.

Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks

Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks.