The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

You can now get Gemini to generate downloadable files directly in chat

Google appears to have quietly rolled out a new feature for Gemini that allows you to generate downloadable files directly in ...

Google Gemini Can Now Generate & Download Files Directly in Your Chat

Gemini can now create and download PDFs, Word, and Excel files directly from your chat, eliminating manual formatting and ...
CNET

Phone-Maker Nothing Revives Android-to-Computer File Sharing Tool

The London-based consumer electronics brand released and then removed its new file-sharing app in favor of a more cumbersome ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Developer turns Telegram into Google Drive-like cloud storage solution for free

A developer has created Telegram Drive, an open-source desktop app that turns Telegram into a cloud storage system, offering ...
InfoWorld

Is your Node.js project really secure?

Node.js does not need more theatrical security output. It needs better developer workflow infrastructure. It needs tools that ...
Forbes

How To Recover Deleted Files: A Simple Guide

With nearly two decades of retail management and project management experience, Brett Day can simplify complex traditional and Agile project management philosophies and methodologies and can explain ...
Infosecurity Magazine

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.