The Hacker News

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to ...

From infostealer to full RAT: dissecting the PureRAT attack chain

Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor — loaders, evasions, and ...

Oracle patches EBS zero-day exploited in Clop data theft attacks

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to ...