The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and data-stealing malware.
InfoWorld

Go 1.26 unleashes performance-boosting Green Tea GC

New garbage collector promises a 10% to 40% reduction in garbage collection overhead in real-world programs that rely heavily on garbage collection.

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.
Security Boulevard

Hackers Use LLM to Create React2Shell Malware, the Latest Example of AI-Generated Threat

Darktrace researchers say hackers used AI and LLMs to create malware to exploit the React2Shell vulnerability to mine ...
GovInfoSecurity

AI-Generated Malware Exploits React2Shell for Tiny Profit

Security researchers detected artificial intelligence-generated malware exploiting the React2Shell vulnerability, allowing ...
Technobezz on MSN

Microsoft warns that Python infostealers now target macOS at scale

Microsoft warns that Python-based infostealers are increasingly targeting macOS, harvesting sensitive data and challenging ...

10K Claude Desktop Users Exposed by Zero-Click Vulnerability

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google ...

How recruitment fraud turned cloud IAM into a $2 billion attack surface

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI ...