The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Decrypt

You Installed Hermes. Now Make It Look Better Than ChatGPT or Claude

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...

Usage-based pricing killing your vibe - here's how to roll your own local AI coding agents

With model devs pushing more aggressive rate limits, raising prices, or even abandoning subscriptions for usage-based pricing ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
XDA Developers on MSN

Claude Code replaced my bloated PC optimization tools with custom scripts, and my Windows PC has never been happier

Say "no" to running dubious scripts.
WeLiveSecurity

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...

Why Chrome may have quietly downloaded a 4GB file to your PC - and how to get rid of it

The file, which appears to be related to Google's on-device AI model, is harmless enough. Here's why some users may still be ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

Google Chrome may have silently installed 4GB AI model on your computer. Here's how to check

We tested our own computers to see if the model was present.

Chrome silently downloads a 4GB AI model. Here’s how to remove it

You can nix Chrome's 4GB local AI model in just a few clicks, but you'll lose some functionality in the process.
TWCN Tech News

How to use WINGET to download Microsoft Store apps

Microsoft released an updated version of Windows Package Manager. The package manager is known to users as WINGET, and it’s available for both Windows 11 and Windows 10. Now, with the new release, ...