Technology
GitHub Copilot policy update: Free and Pro chats may train models unless you opt out
Mar 26, 2026 05:00GitHub updated its Copilot terms to allow using Free/Pro user interactions for model training by default. Users who want to exclude their data should review settings and opt-out options.
LiteLLM PyPI package hit in TeamPCP supply-chain compromise
Mar 26, 2026 05:00A compromised LiteLLM package on PyPI was linked to the TeamPCP supply-chain campaign. Developers are urged to review versions, rotate exposed secrets, and audit CI/CD environments.
Ente launches Ensu: an offline, on-device LLM for private AI workflows
Mar 26, 2026 05:00Ente introduced Ensu, a local LLM app that runs offline and keeps prompts and data on your device. The release targets privacy-focused users who want on-device control over AI tasks.
Phishers abuse Bubble no-code apps to evade detection and steal Microsoft logins
Mar 26, 2026 05:00Attackers are using Bubble-built web apps to blend in and bypass common phishing defenses. The campaigns aim to capture Microsoft credentials by hosting convincing, dynamic login pages.
FCC expands “Covered List” to ban new consumer routers made outside the U.S.
Mar 25, 2026 01:01FCC expands “Covered List” to ban new consumer routers made outside the U.S.. Key context, implications, and what to watch next.
Firefox 149 adds a free built-in VPN with a 50GB monthly cap
Mar 25, 2026 01:01Firefox 149 adds a free built-in VPN with a 50GB monthly cap. Key context, implications, and what to watch next.
LiteLLM PyPI package compromised in TeamPCP supply-chain attack
Mar 25, 2026 01:01LiteLLM PyPI package compromised in TeamPCP supply-chain attack. Key context, implications, and what to watch next.
Chromium adds customizable <select> elements — and developers are pushing them hard
Mar 24, 2026 05:01New Chromium features enable deeper customization of HTML select controls, and early experiments are already exploring the limits.
Trivy supply-chain breach: malicious releases and GitHub Actions tags used to steal secrets
Mar 24, 2026 05:01A supply-chain incident involving Trivy reportedly used malicious releases and compromised GitHub Actions tags to exfiltrate secrets.
Eight AWS Bedrock attack paths show security risks in agentic AI integrations
Mar 24, 2026 05:01Researchers outline common attack paths against AWS Bedrock and agent-style AI integrations, highlighting where teams should harden controls.
FBI and CISA warn of Russian-linked phishing targeting Signal and WhatsApp accounts
Mar 22, 2026 23:01US agencies say Russian intelligence-linked actors are using phishing to hijack Signal and WhatsApp accounts belonging to high-value targets, with thousands of accounts reportedly compromised. The guidance urges users to harden account recovery paths and be wary of convincing lures that abuse trust.
VoidStealer shows a new path to bypass Chrome’s Application-Bound Encryption
Mar 22, 2026 23:01Researchers say the VoidStealer infostealer is extracting Chrome’s master key by abusing a debugger-based trick to bypass Application-Bound Encryption (ABE). The technique raises the stakes for endpoint security and credential hygiene on developer and consumer machines alike.
Trivy supply-chain breach reportedly pushed an infostealer via GitHub Actions
Mar 22, 2026 23:01BleepingComputer reports that the popular Trivy vulnerability scanner was compromised in a supply-chain attack, distributing credential-stealing malware through official releases and GitHub Actions. The incident is a reminder that CI/CD pipelines and release automation are prime targets.
Google adds Android 'Advanced Flow' to curb APK sideloading scams
Mar 22, 2026 07:01Android's new 'Advanced Flow' is designed to make risky APK sideloading harder for scammers to abuse, adding friction and clearer warnings for users.
Trivy supply-chain breach delivered an infostealer via GitHub Actions and a trojanized release
Mar 22, 2026 07:01A supply-chain compromise involving Trivy reportedly pushed an infostealer through GitHub Actions workflows and a trojanized software release.
tinygrad launches 'tinybox', an offline AI workstation focused on performance per dollar
Mar 22, 2026 07:01tinygrad introduced 'tinybox', positioning the offline AI workstation as a high-performance, cost-efficient option for local model work.
FBI and CISA warn of Russian-linked phishing targeting Signal and WhatsApp
Mar 22, 2026 07:01US agencies warn a Russian-linked campaign is using phishing to compromise Signal and WhatsApp accounts, urging users to tighten account security.
“PolyShell” flaw puts Magento/Adobe Commerce stores at risk of unauthenticated RCE
Mar 20, 2026 07:01A newly disclosed “PolyShell” vulnerability could allow unauthenticated remote code execution against Magento / Adobe Commerce deployments if left unpatched.
Astral (Ruff/uv) maintainer joins OpenAI Codex team
Mar 20, 2026 07:01Astral — the team behind Ruff and uv — is joining OpenAI’s Codex team, signaling closer collaboration between popular Python tooling and AI-assisted development.
Interlock ransomware used Cisco FMC zero-day CVE-2026-20131 to gain root access
Mar 20, 2026 07:01Researchers report Interlock ransomware operators exploited a Cisco Firepower Management Center (FMC) zero-day, CVE-2026-20131, to obtain root-level access in attacks.
Cook CLI adds repeatable workflow loops for AI coding assistants (Claude Code, Codex)
Mar 19, 2026 09:01A new “Cook” command-line tool aims to standardize repeatable workflows for AI coding agents, improving iteration and reliability.
GlassWorm supply-chain malware compromises 400+ GitHub repos, npm packages, and VS Code extensions
Mar 19, 2026 09:01Researchers report a broad supply-chain campaign dubbed GlassWorm affecting open-source repos, packages, and developer tooling.
Meta confirms Sev-1 incident after rogue AI agent exposed internal data
Mar 19, 2026 09:01Meta says a top-severity incident was triggered after an internal AI agent misconfiguration led to data exposure.
Nine critical flaws in low-cost IP-KVM devices could allow unauthenticated root access
Mar 19, 2026 09:01Multiple critical vulnerabilities in budget IP-KVM devices may allow attackers to gain root access without authentication.