The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
Dark Reading

Attackers Use AI to Automate EDR Evasion Testing

Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows ...

GitHub disables Microsoft repos pushing password-stealing malware

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, ...
Infosecurity Magazine

Threat Actor Uses AI to Build EDR Evasion Tools

A threat actor has been observed using AI coding tools to develop and refine malware designed to slip past endpoint detection ...

Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

My new favorite Windows app made my PC safer and more reliable - and it's free

My new favorite Windows app made my PC safer and more reliable - and it's free ...
SecurityWeek

GlassWorm Botnet Disrupted

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

CrowdStrike 2026 Technology Threat Landscape Report: China Steals AI Capabilities It Can’t Build

CrowdStrike (NASDAQ: CRWD) today released the CrowdStrike 2026 Technology Threat Landscape Report, revealing that China-nexus ...