The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

Users flock to open source Moltbot for always-on AI, despite major risks

Moltbot stores memory as Markdown files and an SQLite database on the user’s machine. It auto-generates daily notes that log interactions and uses vector search to retrieve relevant context from past ...