GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and a new ...
Krebs on Security

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks ...
Security Boulevard

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

The post Anti-DDoS Firm Heaped Attacks on Brazilian ISPs appeared first on Krebs on Security. A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) ...
LinkedIn

5 Best offshore VPS for running Python AI Scripts In 2026

Running Python AI scripts demands more than just raw compute power. You need a server environment that gives you full root access, generous bandwidth, flexible OS options, and ideally a privacy-first ...
Bleeping Computer

Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. Attacks leveraging the remote code ...
The Hacker News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose ...
Security Boulevard

How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack

The TeamPCP supply chain attack compromised LiteLLM packages 1.82.7 and 1.82.8, stealing SSH keys, cloud credentials, API tokens, and more from developer machines, where secrets live, breathe, and ...
GitHub

ddos-api

Layer 7 Stressor - A powerful Free IP/Web Stresser & IP Booter by https://rebirthstress.cc. Features 29 Layer 4 and 7 Layer 7 methods powered by the Rebirth Stress API, with API key authentication and ...
GitHub

LUCID: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

LUCID (Lightweight, Usable CNN in DDoS Detection) is a lightweight Deep Learning-based DDoS detection framework suitable for online resource-constrained environments, which leverages Convolutional ...
SecurityWeek

Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign

Threat actors are abusing Ray’s lack of authentication to compromise exposed clusters and deploy LLM-generated payloads and cryptocurrency miners. Threat actors are exploiting a two-year-old ...
Bleeping Computer

New ShadowRay attacks convert Ray clusters into crypto miners

A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet. Developed by Anyscale, the Ray ...