The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...

Why LLMs are plateauing – and what that means for software security

Despite rapid generation of functional code, LLMs are introducing critical, compounding security flaws, posing serious risks for developers.
Dark Reading

OpenClaw's Gregarious Insecurities Make Safe Usage Difficult

Malicious "skills" and persnickety configuration are just a few issues that security researchers have found when installing the OpenClaw AI assistant.
The Hacker News

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies

North Korean IT operatives use stolen LinkedIn accounts, fake hiring flows, and malware to secure remote jobs, steal data, and fund state programs.

Can AI Find Physics Beyond the Standard Model?

In 1930, a young physicist named Carl D. Anderson was tasked by his mentor with measuring the energies of cosmic ...
Felix Online

IC Hack 2026: Wizards Return to the Castle

Imperial’s famous event, and Europe’s biggest hackathon, took place over the last weekend of January.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
HackadayOpinion

How Vibe Coding Is Killing Open Source

Does vibe coding risk destroying the Open Source ecosystem? According to a pre-print paper by a number of high-profile ...

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.