GovInfoSecurity

Hacking as a Prompt: Malicious LLMs Find Users

The cybercrime-as-a-service model has a new product line, with malicious large language models built without ethical guardrails selling on Telegram for $50 monthly ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for ...
InfoWorld

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.
Ars Technica

Threat or menace? “Autosploit” tool sparks fears of empowered “script kiddies”

The tools used by security researchers, penetration testers, and “red teams” often spark controversy because they package together, and automate, attacks to a degree that make some uncomfortable—and ...