Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks.
The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...

Android malware hidden in fake antivirus app

Fake antivirus app TrustBastion uses Hugging Face to deliver Android malware that captures screenshots, steals PINs and shows fake login screens, according to Bitdefender.

Fake AI Chrome extensions with 300K users steal credentials, emails

A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.

False posts about Nipah virus prey on fear of spread in Philippines

Philippine health officials say there is no active Nipah virus threat in the country and they are monitoring the situation after cases were contained in India in early 2026, rejecting social media ...

Scammers Are Sending Fake Invites With Malware

Sorry—you weren't actually invited to a party.

These Malicious AI Assistants in Chrome Are Stealing User Credentials

Attackers are impersonating ChatGPT, Gemini, and Grok.