The Hacker News

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Fortinet warns Stealit malware uses Node.js SEA and fake installers to deliver stealers, RATs, and persistence.
The Hacker News

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign.
WeLiveSecurity

Beware of threats lurking in booby-trapped PDF files

Looks can be deceiving, so much so thatthe familiar icon could mask malware designed to steal your data and money.
InfoWorld

Chainguard offers malware-resistant JavaScript libraries

Responding to recent NPM malware attacks, Chainguard Libraries for JavaScript seeks to address security vulnerabilities in ...
The Joplin Globe

The 2026–27 FAFSA® Is Open Early: Why Families Should File as Soon as Possible

The Free Application for Federal Student Aid ( ), the key to accessing billions of dollars in scholarships, grants, and federal financial aid for college, is open early for the 20 ...

This new phishing kit turns PDF files into malware - here's how to stay safe

A new PDF phishing kit is being sold on the dark web, promising customers advanced features, a simple interface, and competitive pricing, experts have warned. Security researchers from Varonis spotted ...
InfoWorld

Intro to Nitro: The server engine built for modern JavaScript

The HTTP engine inside Nitro is H3, a server geared for high-performance and portability. H3 provides the core functionality ...