The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
Make Tech Easier

From Clawdbot to OpenClaw – Does This Viral AI Assistant Live Up to the Hype?

A self-hosted AI assistant that lives in your chat app, Clawdbot promises to do real work, but only if you’re willing to trust it with real access.