The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
InfoWorld

4 self-contained databases for your apps

SQLite has its place, but it’s not fit for every occasion. Learn how to set up install-free versions of MariaDB, PostgreSQL MongoDB, and Redis for your development needs.
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ‘the JavaScript ecosystem deserves better.’ ...
OMG! Ubuntu

LibreOffice 26.2 released with Excel boosts & Markdown support

LibreOffice 26.2 is here with multi-user Base, better Excel pasting, Markdown support and speed boosts. Coming to Ubuntu ...
The Hacker News

⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Weekly cybersecurity recap covering emerging threats, fast-moving attacks, critical flaws, and key security developments you need to track this week.
OSTechNix

Pocket TTS: High-Quality Local Voice Cloning Without GPU

Pocket TTS delivers high-quality text-to-speech on standard CPUs. No GPU, no cloud APIs. It is the first local TTS with voice ...