The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.
CSO Online

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...
PCMag on MSN

Your Phone's Best Defense Against Scam Texts Might Be Turned Off By Default. Do This to Fix It

Tired of spam texts that just won't stop? Your phone comes with built-in protection, but it might be turned off by default. Here's how to fix that on both iPhone and Android.
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

How I turned ChatGPT into a scam detector using the new Malwarebytes integration - for free

What you'll need: You only need ChatGPT. The Malwarebytes integration is currently rolling out to ChatGPT Free, Plus, Team, and Enterprise users wherever apps are supported. You don't need to create a ...