The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for ...
Security Boulevard

Shai-Hulud: The Second Coming

While the September 2025 Shai-Hulud attack focused primarily on credential harvesting and self-propagation, this new variant ...
CNX Software

UP TWL AI Dev Kit review – Benchmarks, features testing, and AI workloads on Ubuntu 24.04

Earlier this month, I started the review of the Intel-based UP AI development kits with an unboxing of the UP TWL, UP Squared Pro TWL, and UP Xtreme ARL ...
CSO Online

China‑linked PlushDaemon hijacks DNS via ‘EdgeStepper’ to weaponize software updates

A router implant is redirecting DNS traffic to attacker-controlled infrastructure, turning trusted update channels into ...
Dark Reading

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...
Infosecurity Magazine

Malware Manipulates AI Detection in Latest npm Package Breach

A new attempt to influence AI-driven security scanners has been identified in a malicious npm package. The package, ...
The Hacker News

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing ...

Glassworm returns once again with a third round of VS code attacks

The Visual Studio Marketplace and the Open VSX Registry users are targeted once again with infostealing malware.