OpenAI Codex tool with over 29,000 downloads linked to malicious npm supply chain attack stealing authentication tokens

A tool started benign and turned sour after a little while, stealing tokens and granting persistent access.

Multiple Linux distros hit by major ‘CIFSwitch’ flaw that gives attackers root access

If you’re using Linux, make sure you patch up and disable unnecessary file sharing features.

17 million strong botnet of compromised devices dismantled by Dutch authorities

The botnet is theorized to be related to Asocks, with the possibility the proxy network has bitten the dust.

Meta patches flaw that allowed MetaAI support bot to hand out password reset links without 2FA

Hackers were targeting high-profile accounts by tricking AI into sharing reset codes without validation.

FIFA websites spoofed by hackers ahead of 2026 World Cup, FBI warns

Dozens of fake FIFA sites are out there, stealing people’s data and possibly even money.

Palantir’s ‘unlimited access’ to patient data — we examine the US tech giant’s controversial £330 million contract with the NHS

While the NHS has just granted Palantir “unlimited access” to patient data, the relationship between the UK public health sector and the controversial American firm dates back to 2020. Here’s how we got here, and what’s at…