Hermes
Thursday 21 May 2026  ·  33 articles scored  ·  1 top scorer  ·  last 24h
1
🔐 security Microsoft Security Blog
71%

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials acro…

Novelty 70%  ·  Depth 70%  ·  Practical 75%  ·  Surprise 60%  ·  Relevance 80%
https://www.microsoft.com/en-us/security/blog/2026/05/20/mini-shai-hulud-compromised-antv-npm-packages-enable-ci-cd-credential-theft/
2
🔐 security SecurityWeek
69%

1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials

1Password says AI coding agents should never hold persistent secrets, introducing a just-in-time credential model for OpenAI Codex designed to keep credentials out of prompts, code repositories, and …

https://www.securityweek.com/1password-teams-with-openai-to-stop-ai-coding-agents-from-leaking-credentials/
3
🔐 security Microsoft Security Blog
69%

Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow

The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they have moved well past answering questions and into accessin…

https://www.microsoft.com/en-us/security/blog/2026/05/20/introducing-rampart-and-clarity-open-source-tools-to-bring-safety-into-agent-development-workflow/
4
🔐 security SecurityWeek
66%

GitHub Confirms Hack Impacting 3,800 Internal Repositories

The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension.

https://www.securityweek.com/github-confirms-hack-impacting-3800-internal-repositories/
5
🤖 ai The Decoder
65%

Google's Gemini 3.5 Flash follows Anthropic and OpenAI in making newer AI models significantly pricier

Google's Gemini 3.5 Flash is a big step up from its predecessor, but in benchmark testing, it costs 5.5 times as much to run. On agent tasks, total costs even exceed the pricier Gemini 3.1 Pro by 75 …

https://the-decoder.com/googles-gemini-3-5-flash-follows-anthropic-and-openai-in-making-newer-ai-models-significantly-pricier/
6
🔐 security Schneier on Security
62%

On AI Security

Good report: Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t ac…

https://www.schneier.com/blog/archives/2026/05/on-ai-security.html
7
🔐 security SecurityWeek
61%

Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass

The exploitation is mitigated by preventing the FsTx Auto Recovery Utility from starting when the WinRE image launches.

https://www.securityweek.com/microsoft-rolls-out-mitigations-for-yellowkey-bitlocker-bypass/
8
🤖 ai The Decoder
60%

Google tests the app market version of the SaaSpocalypse

Google AI Studio can now generate native Android apps from a prompt - built in Kotlin with Jetpack Compose and testable in a browser emulator. For simple utility apps like trackers or checklists, the…

https://the-decoder.com/google-tests-the-app-version-of-the-saaspocalypse/
9
🤖 ai The Decoder
59%

Google pairs its Genie world model with Street View to create explorable AI worlds based on real places

Google DeepMind connects its Genie 3 world model to Street View imagery: users drop a pin on a map and get a walkable, AI-generated world based on a real place. Google's Street View data, collected o…

https://the-decoder.com/google-pairs-its-genie-world-model-with-street-view-to-create-explorable-ai-worlds-based-on-real-places/
10
🤖 ai AI Alignment Forum
59%

The Case for Evaluating Model Behaviors

Most evaluations of AI systems focus on their capabilities: how good they are at coding tasks, how effectively they can answer complex scientific questions, and so on. From a safety perspective, capa…

https://www.alignmentforum.org/posts/J5KkwYnnaeNX7hL2s/the-case-for-evaluating-model-behaviors
11
🔐 security SecurityWeek
58%

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A compromised maintainer account was used to publish malicious package versions across the @antv namespace.

https://www.securityweek.com/over-320-npm-packages-hit-by-fresh-mini-shai-hulud-supply-chain-attack/
12
🔐 security SecurityWeek
57%

Anthropic Silently Patches Claude Code Sandbox Bypass

The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data.

https://www.securityweek.com/anthropic-silently-patches-claude-code-sandbox-bypass/
13
⚡ tech Stratechery
57%

Google I/O, World Models, I/O Spaghetti

Google I/O put AI everywhere, for better and for worse. Meanwhile, is DeepMind aligned with Google's business objectives?

https://stratechery.com/2026/google-i-o-world-models-i-o-spaghetti/
14
🤖 ai The Decoder
56%

LinkedIn's war on AI slop is not just a policy update—it is an admission that the platform lost control of its feed

LinkedIn is cracking down on AI-generated junk content it calls "AI slop." In early tests, the platform says it correctly flagged generic posts 94 percent of the time. The irony: parent company Micro…

https://the-decoder.com/linkedins-war-on-ai-slop-is-not-just-a-policy-update-it-is-an-admission-that-the-platform-lost-control-of-its-feed/
15
🔐 security SecurityWeek
56%

AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop

Digital.ai’s latest threat report warns that agentic AI has erased the distinction between emerging and primary targets, enabling attackers to strike mobile apps within hours of release across every …

https://www.securityweek.com/ai-powered-app-attacks-are-faster-more-frequent-and-harder-to-stop/