The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Tennessee teens sue Elon Musk's xAI over AI-generated child sexual abuse material

The three girls say that the nonconsensual nude images were created by a perpetrator who used AI company xAI's image generation tools.
The Lebanon Reporter

Schools have few options to stop students from using AI to 'nudify' classmates

School administrators are witnessing a surge in students using AI platforms to remove clothing from classmates’ social media photos to create revealing or nude images.