SecurityWeek

Infostealers Turn Millions of Devices Into Credential Theft Machines

Modern infostealers don't just steal passwords—they harvest the digital identities and context that enable attackers to blend ...

In A.I. Blunder, More Than 34,000 Instagram Accounts Were Attacked

The flaw, which Meta said it had fixed, allowed anyone to take over accounts using a bug in the company’s new artificial ...

GitHub disables Microsoft repos pushing password-stealing malware

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, ...
Cybernews

Hackers hijack Microsoft packages to steal developer logins

The malware used in the attack was dubbed “Miasma” and is described as a self-replicating worm designed to harvest login ...

Microsoft’s open source tools were hacked to steal passwords of AI developers

According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, which were some of the ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
Inc

Why You Need to Stop Using Passwords and Switch to This Secure Alternative Now

If you’ve been hearing a lot more about passkeys recently, there’s good reason for it. After becoming more widely available in 2022, passkeys have surged in popularity, driven by ease of use and ...
AOL

Scammers are using a fake captcha hack to steal your personal information: ‘Verify you’re human.’ Here’s the big red flag to watch for

Clicking a captcha "I am not a robot" box and identifying images to prove it is second nature for many internet users. Now, cybercriminals are exploiting people's comfort with the routine to scam them ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...