The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
WeLiveSecurity

FishMonger’s arsenal upgraded: SprySOCKS for Windows

ESET researchers have discovered SprySOCKS for Windows, FishMonger’s backdoor weaponizing a kernel driver for advanced ...
Techopedia

LinkedIn Job Interview Scams: Beware of Malware Downloads

Eddie is Techopedia's Senior Editor who has previously worked in local, national, and international newsrooms in the UK and Australia, including Mail Online and Sydney's… In this virtual version of ...
cybernews

Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware

Axios, a hugely popular JavaScript library with 100 million weekly downloads, has been hit by a critical supply chain attack. In a recurring open-source security crisis, developers unknowingly pulled ...
SecurityWeek

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The popular Telnyx Python SDK is the latest victim of TeamPCP’s weeks-long supply chain campaign targeting the broad open source software ecosystem. The campaign started on March 19 with Aqua Security ...
https//beincrypto.com

How to Build Your First Crypto Bot For Free — No Coding Required

Vibe coding lets anyone build custom crypto tools using AI without programming skills. 30 minutes is all it takes to deploy a bot that monitors 500 tokens and sends Telegram alerts. The same workflow ...
GitHub

holeyfield33-art/aletheia-core

Runtime audit and pre-execution block layer for AI agents. Signed policy enforcement, semantic threat detection, tamper-evident audit receipts. Autonomous AI agents manage CI/CD pipelines, financial ...
Windows Report

5 Best Email Encryption Software Ranked by Features

Email encryption software is extremely important nowadays because digital correspondence has never been more endangered. These solutions practically scramble the contents of the message so they cannot ...
Bleeping Computer

From infostealer to full RAT: dissecting the PureRAT attack chain

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...
Infosecurity-magazine.com

Phishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat Actors

A recent investigation has revealed a phishing campaign that began with a simple Python-based infostealer but ultimately led to the deployment of PureRAT, a full-featured commodity remote access ...