The Hacker News

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

Sleeper packages in Ruby and Go steal credentials and alter CI workflows, leading to persistent access and data exfiltration.
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Military.com

Fake AI Photo of F-15 Crew Rescue in Iran Spreads Across Social Media

Screenshot of the AI-generated image that circulated on X and Facebook over Easter weekend. The photograph is fabricated. (Facebook) A digitally fabricated photograph claiming to show the rescue of an ...
Bleeping Computer

Axios npm hack used fake Teams error fix to hijack maintainer account

The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign linked to North Korean hackers ...
ExtremeTech

Meta Warns iPhone Users About Spyware‑Infested Fake WhatsApp

Meta has alerted a small group of iPhone users that they installed a spyware‑laced version of WhatsApp instead of the official app. The company found that the fake WhatsApp originated from an Italian ...
The Next Web

WhatsApp just caught an Italian spyware firm building a fake version of its app for iPhones

WhatsApp has notified approximately 200 users, primarily in Italy, that they were tricked into installing a counterfeit version of the messaging app that was actually government spyware. The fake ...
The New York Times

Can You Fake Being Rich?

A spate of popular social media accounts offer advice on how to achieve an “old-money” look. By Guy Trebay Want to look like a billion dollars? Social media is here to help. Daily, hourly, seemingly ...
The Conversation

Fake news on everything from whales to wind farms: Australia is flooded with climate misinformation

Australia is facing a wave of misinformation and disinformation on climate change and energy. This is being fuelled by the growth in artificial intelligence and allowed to spread freely on social ...
Newsweek

IRS Warning to Millions of Americans as Tax Deadline Approaches

See more of our trusted coverage when you search. Prefer Newsweek on Google to see more of our trusted coverage when you search. The Internal Revenue Service (IRS) is urging taxpayers to stay alert ...
The Washington Post

Thousands have swooned over this MAGA dream girl. She’s made with AI.

The beautiful Army blonde Jessica Foster has posed with an F-22 Raptor fighter jet, donned camouflage in the desert and walked a tarmac with President Donald Trump on the first day of the strikes on ...
Bleeping Computer

Fake enterprise VPN sites used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. The attackers manipulate search ...
CSOonline

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

The financially motivated group has been active since May 2025, impersonating Fortinet, Ivanti, Cisco, and other vendors to steal corporate credentials. Microsoft has warned enterprises that ...