The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

OpenAI spills technical details about how its AI coding agent works

On Friday, OpenAI engineer Michael Bolin published a detailed technical breakdown of how the company’s Codex CLI coding agent ...

MCP shipped without authentication. Clawdbot shows why that's a problem.

Knostic found 1,862 MCP servers exposed with zero authentication. Here are five actions CISOs should take now.

Over 6,000 SmarterMail servers exposed to automated hijacking attacks

Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability.

Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

How to spot and stop everyday cyberattacks

It never stops. Attackers continue to exploit new vulnerabilities and tricks to hack accounts or infiltrate devices. To stay ...

Research reveals how these simple Chrome extensions are hawking your privacy

Research shows that even simple Chrome extensions can quietly invade user privacy, with some hijacking clipboards, ...
The Manila Times

Descope Unveils Agentic Identity Hub 2.0, the Most Comprehensive Identity Platform for AI Agents and MCP Servers

Organizations can now use Descope as a dedicated auth and access control layer for AI agents and MCP servers with ephemeral ...
Game Rant on MSN

Dreadmyst Delisted: Steam Ban, ‘Gummy52’ Rumors, and a Source Code Dump

Steam pulls the viral MMO Dreadmyst as the dev releases source code to dispute malware fears and identity rumors.

Local AI Notebook Setup : Build Code, Chat & OCR Images Offline

See an AMD laptop with a Ryzen AI chip and 128GB memory run GPT OSS at 40 tokens a second, for fast offline work and tighter ...

Anthem subreddit gets a new lease on life as modder shows the game running without EA's servers: 'We didn't realize how much demand there'd still be for this fo…

Footage showing two players in a locally-hosted game is "really hacky," but it works.
Security Boulevard

Critical CERT-In Advisories – January 2026: SAP, Microsoft, and Atlassian Vulnerabilities

January 2026 was a wake-up month for enterprise security teams. In a single week, CERT-In released three high-severity ...