Nature

Bots are scraping open data — how should researchers respond?

The snowballing ability of artificial intelligence to trawl open data sets has some scientists worried about losing control ...
The Hacker News

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Bright Data SDK relays scraping via 150M+ consent-sourced IPs, bypassing VPNs and using up to 200GB/month bandwidth.

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Ever wonder what data your iPhone apps are harvesting? This app exposes it all in detail

Loupe shows the hidden fingerprinting signals any iPhone app can read, from language and battery details to installed apps and persistent identifiers.
The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...