The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and data-stealing malware.
MIT Technology Review

AI is already making online swindles easier. It could get much worse.

Some cybersecurity researchers say it’s too early to worry about AI-orchestrated cyberattacks. Others say it could already be happening.

Microsoft says hackers are exploiting critical zero-day bugs to target Windows and Office users

Critical security flaws targeting Windows and Office users allow hackers to take complete control of a victim's computer by ...

Windows 11 Notepad flaw let files execute silently via Markdown links

Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or ...

I Loved My OpenClaw AI Agent—Until It Turned on Me

Previously known as both Clawdbot and Moltbot, OpenClaw recently became a Silicon Valley darling, charming AI enthusiasts and ...

Microsoft fixes Notepad flaw that could trick users into clicking malicious Markdown links

Microsoft has fixed a serious security vulnerability affecting Markdown files in Notepad. In the company’s Tuesday patch ...

Google says hackers are abusing Gemini AI for all attacks stages

Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector firms and researchers use legitimate API access to ...

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.