For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
Microsoft

AI brands as bait: How threat actors are using the AI hype in social engineering

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. In recent months, Microsoft Threat ...
IEEE

SECRET: Towards Scalable and Efficient Code Retrieval via Segmented Deep Hashing

Abstract: Code retrieval, which retrieves code snippets based on users' natural language descriptions, is widely used by devel-opers and plays a pivotal role in real-world software development. The ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
IEEE

BioDeepHash: Generating Consistent Templates for Secure Biometric Recognition

Abstract: Given the immutability of biometric data, it is imperative to develop a biometric template protection method that guarantees the complete non-disclosure of any original biometric information ...
GitHub

Pinductor — Learning POMDP World Models from Observations with Language-Model Priors

Code release for the accompanying paper Learning POMDP World Models from Observations with Language-Model Priors. Pinductor uses a large language model as a prior over executable POMDP programs, and ...