The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
TechSpot

Malware campaign lures users with fake Windows Update website

Editor's take: Microsoft has increasingly turned Windows Update into a point of frustration for some users, all while cybercriminals continue to exploit weaknesses in the Windows platform to deploy ...
Infosecurity-magazine.com

GitHub Used as Covert Channel in Multi-Stage Malware Campaign

A series of malicious LNK files targeting users in South Korea has been detected using a multi-stage attack chain that uses GitHub as command and control (C2) infrastructure. The campaign relies on ...
marketingtechnews.net

Malware on LinkedIn: advice for employers and jobseekers

A PXA Stealer campaign that works through LinkedIn interactions has been found to be active, targeting jobseekers in the US, Sweden, Bangladesh, India, and the Netherlands. LinkedIn is popular among ...
Morningstar

Lookout Uncovers DarkSword iOS Exploit Chain, Exposing a New Era of Mobile Threats

World’s Largest Mobile Threat Intelligence Dataset Powers Discovery of Hit-and-Run Exploit Targeting iOS Users and Cryptocurrency Assets Lookout, Inc., the leader in mobile security, today announced ...
Yahoo

If You Keep Seeing Angel Numbers Everywhere, Here’s What People Believe They Mean—And Let Me Tell You, It’s Actually Pretty Fascinating

Add Yahoo as a preferred source to see more of our stories on Google. It’s funny how certain numbers stick in your head. At some point growing up, I remember people around me getting oddly excited ...
TechRepublic

Hackers Pose as IT Staff in Microsoft Teams to Install Malware

Hackers Pose as IT Staff in Microsoft Teams to Install Malware Your email has been sent Microsoft Teams impersonation and social engineering tactics are being used in an ongoing campaign to deliver a ...
Infosecurity-magazine.com

OysterLoader Evolves With New C2 Infrastructure and Obfuscation

A multi-stage malware loader known as OysterLoader has continued to evolve into early 2026, refining its command-and-control (C2) infrastructure and obfuscation methods. The C++-based threat, also ...
TechRepublic

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A new social engineering campaign is abusing fake CAPTCHA verification pages to trick Windows users into launching StealC information-stealing malware. The attack relies on compromised websites that ...
SiliconANGLE

Securonix warns of Dead#Vax malware campaign abusing Windows fileless execution

A new report out today from cybersecurity company Securonix Inc. is warning of a highly sophisticated, multistage malware campaign where attackers are abusing trusted Windows features and fileless ...
The Hacker News

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass ...