Dark Reading

Meta AI Models Cracked Open With Exposed API Tokens

Researchers recently were able to get full read and write access to Meta's Bloom, Meta-Llama, and Pythia large language model (LLM) repositories, in a troubling demonstration of the supply chain risks ...
WinBuzzer

VS Code Exploit Can Steal GitHub Tokens via github.dev

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.
CSOonline

Google launches dependency API and curated package repository with security metadata

This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming ...