How-To Geek on MSN

Stop writing JSON by hand, this is a much easier way to handle config files

These two formats are a lot more similar than their acronyms suggest.
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Fake OpenAI repository on Hugging Face pushes infostealer malware

A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project ...
Communications of the ACMOpinion

Open Source’s Hidden Language Gap

Open-source i18n is not blocked by goodwill; it’s blocked by missing maintainer-safe infrastructure. Language contributors ...
SecurityWeek

AI Coding Agents Could Fuel Next Supply Chain Crisis

Researchers demonstrate how attackers can weaponize trusted repositories to hijack AI coding assistants and compromise ...

A fake OpenAI repository has taken top spot on Hugging Face — but all it does is push malware

Its popularity may have been faked, though, as the "likes" all came from auto-generated accounts.
InfoQ

Implementing the Sidecar Pattern in Microservices-based ASP.NET Core Applications

Today's applications require monitoring, logging, configuration, etc. Each of these concerns can be implemented as a ...
The Hacker News

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

Quasar Linux RAT (QLNX) harvests DevOps credentials to enable software supply chain attacks with fileless execution and dual ...
Rock Paper Shotgun

Morrowind in Elden Ring mod is now "mostly playable", despite the fact its creator's "entire existence has been consumed with interpreting gibberish code"

After about half a year of major updateless silence, modder InfernoPlus has emerged from the dungeons of Vvardenfell to ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
WeLiveSecurity

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...