The Hacker News

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

Sleeper packages in Ruby and Go steal credentials and alter CI workflows, leading to persistent access and data exfiltration.
SecurityWeek

Cisco Releases Open Source Tool for AI Model Provenance

The new kit aims to address risks related to poisoned models, regulatory issues, supply chain integrity, and incident ...
CSO Online

Human-centric failures: Why BEC continues to work despite MFA

Hackers don't need to break your MFA if they can just trick your team into sending money, which is why your "unauthorized ...