The Hacker News

npm’s Update to Harden Their Supply Chain, and Points to Consider

In short, npm has taken an important step forward by eliminating permanent tokens and improving defaults. Until short-lived, ...
MIT Technology Review

AI is already making online crimes easier. It could get much worse.

Some cybersecurity researchers say it’s too early to worry about AI-orchestrated cyberattacks. Others say it could already be happening.

Fake AI Chrome extensions with 300K users steal credentials, emails

A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants ...
Computer Weekly

What is driving the rise of infostealer malware?

Cyber criminals would much rather log in than hack in. That’s why infostealer malware, designed to exfiltrate user credentials, browser data, messages, documents, images, and device information, is ...
SiliconANGLE

‘PyStoreRAT’ malware uses fake developer tools on GitHub to infect Windows systems

A new report out today from endpoint security firm Morphisec Inc. details a previously undocumented malware family dubbed “PyStoreRAT” that abuses trusted open-source platforms and Windows scripting ...
Infosecurity-magazine.com

Malware Discovered in 19 Visual Studio Code Extensions

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...
CSOonline

Polymorphic AI malware exists — but it’s not what you think

We are either at the dawn of AI-driven malware that rewrites itself on the fly, or we are seeing vendors and threat actors exaggerate its capabilities. Recent Google and MIT Sloan reports reignited ...
Nextgov

China is using advanced ‘Brickstorm’ malware against government and IT orgs, US assesses

The NSA and the Cybersecurity and Infrastructure Security Agency have assessed that China is using an advanced malware family to access government agencies and technology companies, according to ...
PC World

Malware found in popular SmartTube app on smart TVs. Here’s what to do about it

The popular open-source YouTube app for Android TVs known as SmartTube was temporarily hacked and infected with malware. Attackers had access to the app’s signature ...
Dark Reading

How Malware Authors Are Incorporating LLMs to Evade Detection

Threat actors are testing malware that incorporates large language models (LLMs) to create malware that can evade detection by security tools. In an analysis published earlier this month, Google's ...
Android Authority

New banking malware can stealth-hack your Android phone: Here's how to stay safe (Updated)

A malware, called “Sturnus,” has emerged, and it exploits Android’s accessibility features to spread on your phone even without you noticing. It gains access to your Android after being installed via ...
Bleeping Computer

Google exposes BadAudio malware used in APT24 espionage campaigns

China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. Since 2022, ...