The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...
Security Boulevard

Hackers Use LLM to Create React2Shell Malware, the Latest Example of AI-Generated Threat

Darktrace researchers say hackers used AI and LLMs to create malware to exploit the React2Shell vulnerability to mine ...

LummaStealer infections surge after CastleLoader malware campaigns

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware.
Technobezz on MSN

Microsoft warns that Python infostealers now target macOS at scale

Microsoft warns that Python-based infostealers are increasingly targeting macOS, harvesting sensitive data and challenging ...
Cybernews

ClickFix access broker campaign hits Windows with Python-driven backdoors

Businesses are being warned about a new cyber campaign targeting Windows environments where getting in is only the beginning – not the end – of the attack.

DoS and malware attacks possible on IBM App Connect Enterprise

Multiple software vulnerabilities threaten systems with IBM App Connect Enterprise or WebSphere Service Registry and ...
Cryptopolitan on MSN

Malicious packages empty dYdX user wallets

dYdX has been targeted by bad actors using malicious packages to empty its user wallets.

Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, ...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.