Hermes
Thursday 2 April 2026  ·  63 articles scored  ·  2 top scorers  ·  last 24h
1
🔐 security Microsoft Security Blog
84%

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microso…

Novelty 82%  ·  Depth 80%  ·  Practical 90%  ·  Surprise 70%  ·  Relevance 95%
https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise/
2
🤖 ai The Decoder
70%

Google Deepmind study exposes six "traps" that can easily hijack autonomous AI agents in the wild

AI agents are expected to browse the web on their own, handle emails, and carry out transactions. But the very environment they operate in can be weaponized against them. Researchers at Google Deepmi…

Novelty 80%  ·  Depth 65%  ·  Practical 60%  ·  Surprise 70%  ·  Relevance 82%
https://the-decoder.com/google-deepmind-study-exposes-six-traps-that-can-easily-hijack-autonomous-ai-agents-in-the-wild/
3
🤖 ai The Decoder
66%

Frontier Radar #2: Why AI productivity gets lost between benchmarks and the balance sheet

Generative AI leads to measurable time savings on many tasks. But a gap remains between faster task completion and measurable economic impact. Verification overhead, limited metrics, and organization…

https://the-decoder.com/frontier-radar-2-why-ai-productivity-gets-lost-between-benchmarks-and-the-balance-sheet/
4
⚡ tech Stratechery
65%

Axios Supply Chain Attack, Claude Code Code Leaked, AI and Security

AI is going to be bad for security in the short-term, but much better than humans in the long-term.

https://stratechery.com/2026/axios-supply-chain-attack-claude-code-code-leaked-ai-and-security/
5
🔐 security Schneier on Security
64%

Is “Hackback” Official US Cybersecurity Strategy?

The 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: “We will u…

https://www.schneier.com/blog/archives/2026/04/is-hackback-official-us-cybersecurity-strategy.html
6
🤖 ai MIT Technology Review – AI
64%

Shifting to AI model customization is an architectural imperative

In the early days of large language models (LLMs), we grew accustomed to massive 10x jumps in reasoning and coding capability with every new model iteration. Today, those jumps have flattened into in…

https://www.technologyreview.com/2026/03/31/1134762/shifting-to-ai-model-customization-is-an-architectural-imperative/
7
🔐 security Microsoft Security Blog
63%

Applying security fundamentals to AI: Practical advice for CISOs

Read actionable advice for CISOs on securing AI, managing risk, and applying core security principles in today’s AI‑powered environment.

https://www.microsoft.com/en-us/security/blog/2026/03/31/applying-security-fundamentals-to-ai-practical-advice-for-cisos/
8
🤖 ai AI Alignment Forum
63%

Predicting When RL Training Breaks Chain-of-Thought Monitorability

Crossposted from the DeepMind Safety Research Medium Blog. Read our full paper about this topic by Max Kaufmann, David Lindner, Roland S. Zimmermann, and Rohin Shah. Overseeing AI agents by reading t…

https://www.alignmentforum.org/posts/SvxaKP5KdkksZPcG7/predicting-when-rl-training-breaks-chain-of-thought
9
🤖 ai The Decoder
61%

Qwen3.5-Omni learned to write code from spoken instructions and video without anyone training it to

Alibaba has released Qwen3.5-Omni, an omnimodal AI model that processes text, images, audio, and video. It claims to beat Gemini 3.1 Pro on audio tasks and picked up an unexpected trick along the way…

https://the-decoder.com/qwen3-5-omni-learned-to-write-code-from-spoken-instructions-and-video-without-anyone-training-it-to/
10
🔐 security SANS Internet Stormcast
61%

Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)

In case of a cyber incident, most organizations fear more of data loss (via exfiltration) than regular data encryption because they have a good backup policy in place. If exfiltration happened, it me…

https://isc.sans.edu/diary/rss/32850
11
🔐 security SecurityWeek
61%

Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption

Google researchers have shown that breaking the encryption of Bitcoin and Ethereum requires 20x fewer qubits.

https://www.securityweek.com/google-slashes-quantum-resource-requirements-for-breaking-cryptocurrency-encryption/
12
🔐 security SecurityWeek
60%

CrewAI Vulnerabilities Expose Devices to Hacking

Attackers can exploit the bugs through prompt injection, chaining them together to escape the sandbox and execute arbitrary code.

https://www.securityweek.com/crewai-vulnerabilities-expose-devices-to-hacking/
13
🔐 security Microsoft Security Blog
59%

The threat to critical infrastructure has changed. Has your readiness?

Five facts critical infrastructure (CI) leaders need to act on in 2026, grounded in what Microsoft Threat Intelligence is observing across sectors right now.

https://www.microsoft.com/en-us/security/security-insider/threat-landscape/threat-to-critical-infrastructure-has-changed
14
📦 m365 Petri IT Knowledgebase
58%

Microsoft Sentinel Introduces Custom Graphs Support in Public Preview

Microsoft has introduced custom graphs support in Microsoft Sentinel, which is available in public preview starting April 1, 2026. This new capability is designed to help security teams better unders…

https://petri.com/microsoft-sentinel-custom-graphs-public-preview/
15
⚡ tech The Verge
58%

Claude Code leak exposes a Tamagotchi-style ‘pet’ and an always-on agent

After Anthropic released Claude Code's 2.1.88 update, users quickly discovered that it contained a package with a source map file containing its TypeScript codebase, with one person on X calling atte…

https://www.theverge.com/ai-artificial-intelligence/904776/anthropic-claude-source-code-leak