The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
The Register on MSN

VS Code for Linux may be secretly hoarding trashed files

Versions installed via Snap don't delete files when users empty system trash Linux users who installed Microsoft's Visual ...
XDA Developers on MSN

This NAS wouldn't give me SSH access, so I hacked into it instead

It's a great NAS with great hardware, but the lack of SSH access is frustrating.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable ...
InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
The Hacker News

⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Weekly cybersecurity recap covering emerging threats, fast-moving attacks, critical flaws, and key security developments you need to track this week.

I used one simple script to remove AI from popular browsers (including Chrome and Firefox)

I used one simple script to remove AI from popular browsers (including Chrome and Firefox) ...