The Hacker News

âš¡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More

Explore emerging attack methods, evolving AI-driven threats, supply chain risks, and strategies to strengthen defenses and ...
The Hacker News

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and multi-OS compromise.

PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...

Google: Brickstone malware used to steal U.S. orgs' data for over a year

Suspected Chinese hackers have used the Brickstorm malware in long-term persistence espionage operations against U.S.
CSO Online

Macs go phishing as GitHub impostors drop Atomic stealer

OS users are being tricked in the ongoing campaign with fake GitHub pages that deliver the Atomic infostealer.
CSO Online

AI-powered phishing scams now use fake captcha pages to evade detection

Attackers are exploiting low-code AI platforms such as Vercel, Netlify, and Lovable to rapidly build phishing sites that look ...

Your passkeys could be vulnerable to attack, and everyone - including you - must act

When a clickjack attack managed to hijack a passkey authentication ceremony, were password managers really to blame? ZDNET's investigation reveals a more complicated answer.
How-To Geek on MSN

Python Package Index Responds to Malware Attack by Invalidating Tokens

The Python Package Index (PyPI), run by the Python Software Foundation, has officially invalidated all the publishing tokens that were stolen in the GhostAction supply chain attack that happened ...