The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

New ClickFix attacks abuse Windows App-V scripts to push malware

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...

Moltbot is a security nightmare: 5 reasons to avoid using the viral AI agent right now

Moltbot is a security nightmare: 5 reasons to avoid using the viral AI agent right now ...
PCMag on MSN

Using Browser Extensions to Translate or Download Videos? Better Check They're Not One of These 17 Malicious Add-Ons

Cybersecurity firm LayerX uncovers 17 malicious extensions that can enable click fraud, user tracking, and more. The most ...