The Hacker News

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Weedhack malware targets Minecraft players via YouTube and SEO poisoning since Jan 2026, enabling credential theft and remote ...

Meet Wander, a StumbleUpon-inspired tool for discovering the ‘small web’

This open-source community project lets you create a StumbleUpon-like experience for recommending your favorite sites.

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...

MPS staffer who got plea deal in slapping case had earlier incident

Records show an MPS staffer slapped two students in 13 months. The district did not report the first incident to police.

Researchers found a way to spy on your browsing by watching your SSD's activity

The method, known as FROST – short for "fingerprinting remotely using OPFS-based SSD timing" – focuses on how different processes compete for storage access. That competition ...

Probably not, but it could be (2026)

A singular instant within the life of someone who cannot recall their past, trapped within the tactille universe. A ...
Bleeping Computer

Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, ...

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...
Columbia University School of Professional Studies

The Con That Comes Prepared

How AI-enabled deception, open-source software dependencies, and social engineering are reshaping enterprise cybersecurity ...
The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...