The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
SecurityWeek

Russian APT Exploits Zimbra Vulnerability Against Ukraine

Russia-linked APT28 has exploited a high-severity XSS vulnerability in Zimbra in attacks against Ukrainian entities.

Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot

Researchers reveal how Microsoft Copilot can be manipulated by prompt injection attacks to generate convincing phishing messages inside trusted AI summaries.

Direct Prompt Injection: How Attackers Manipulate LLM Input

Direct prompt injection occurs when a user crafts input specifically designed to alter the LLM’s behavior beyond its intended boundaries.
Cryptopolitan on MSN

SlowMist warns AI trading agents can be hacked to drain funds through prompt injection attacks

The use of AI agents has become increasingly popular among traders. However, SlowMist has shared findings on possible attack vectors, cautioning users to pump the brakes to protect themselves against ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...