The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Security Boulevard

Huntress, Microsoft Detail the Continued Popularity, Evolution of ClickFix Attacks

Microsoft, Huntress, and Intego this month detailed attacks that show the ongoing evolution of the highly popular compromise technique.
XDA Developers on MSN

5 networking tools I use weekly that don't cost anything

No subscriptions, just five free networking essentials.
Infosecurity Magazine

Fraud Investigation Reveals Sophisticated Python Malware

A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack ...
The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.
CSO Online

New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads

The Arkanix infostealer combines LLM-assisted development with a malware-as-a-service model, using dual language implementations to maximize reach and establish persistence.
CSO Online

Keenadu: Android malware that comes preinstalled and can’t be removed by users

Keenadu infiltrated devices by posing as legitimate system components, prompting calls for tighter controls on firmware ...