The Hacker NewsOpinion

Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

AI security risks are shifting from models to workflows after malicious extensions stole chat data from 900,000 users & ...
TechRepublic

Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware

Cybercriminals are exploiting demand for pirated movies by disguising malware as a fake torrent of “One Battle After Another,” a new Leonardo DiCaprio film, tricking Windows users into infecting their ...
financefeeds

Shai Hulud Malware Hits 400+ JavaScript Packages in Major NPM Supply-Chain Attack

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...
Dark Reading

LotL Attack Hides Malware in Windows Native AI Stack

A researcher has demonstrated that Windows' native artificial intelligence (AI) stack can serve as a vector for malware delivery. In a year where clever and complex prompt injection techniques have ...
Yahoo

DPRK Hackers Use 'EtherHiding' to Host Malware on Ethereum, BNB Blockchains: Google

Google’s Threat Intelligence Group has warned that North Korea is using EtherHiding—a malware that hides in blockchain smart contracts and enables cryptocurrency theft—in its cyber hacking operations, ...
LocalSYR

Introducing Chainguard Libraries for JavaScript: Malware-Resistant Dependencies Built Entirely from Source

The risk in the JavaScript ecosystem isn't theoretical: earlier this month, a number of packages used by millions of developers were compromised via malicious code. These malware attacks against ...
Dark Reading

Npm Package Hides Malware in Steganographic QR Codes

Attackers have poisoned a code package on the npm registry in a novel way, hiding credential-stealing malware in steganographic QR codes embedded in a package purporting to offer a JavaScript utility.
Infosecurity-magazine.com

Chinese APT Actor Compromises Military Firm with Novel Fileless Malware Toolset

A Chinese APT group has compromised a Philippines-based military firm using a novel, sophisticated fileless malware framework dubbed “EggStreme”, Bitdefender researchers have warned. The multi-stage ...
CSOonline

Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting

The malware tricks IT personnel into downloading malicious GitHub Desktop installers with GPU-gated decryption targeting sensitive data across Windows and macOS environments. Security researchers at ...
PCGamesN

Valve Index 2 VR headset rumors heat up as Steam Frame name surfaces

Valve has just trademarked the term Steam Frame, with huge speculation now afoot that it could be the name for the company's next-gen hardware device. Valve hasn't commented publicly, but a dataminer ...
CoinTelegraph

Hackers find new way to hide malware in Ethereum smart contracts

Threat actors have found a new way to deliver malicious software, commands, and links inside Ethereum smart contracts to evade security scans as attacks using code repositories evolve. Cybersecurity ...