The Hacker News

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Trojanized gaming tools and new Windows RATs like Steaelite enable data theft, ransomware, and persistent remote control.
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.

ASD releases Azul open-source malware analysis tool

Sample files for Azul are kept in a Simple Storage Service (S3) compatible binary large object (blob) store, and processed ...
InfoWorld

Enterprise use of open source AI coding is changing the ROI calculation

Open source has always had issues, but the benefits outweighed the costs/risks. AI is not merely exponentially accelerating tasks, it is disproportionately increasing risks.
Infosecurity-magazine.com

VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code

A Linux-based command-and-control (C2) framework capable of long-term intrusion across cloud and enterprise environments has been further analyzed in new research. Known as VoidLink, the malware ...
Cyber Wire

How Rubrik Zero Labs Uses LLMs to Analyze Malware at Machine Speed

>> Amit Malik: One of the malware that we identified in our report that we have mentioned, this guy is actually running on the machine. It's collecting all the information of the machine and then ...
GitHub

Java Backend Coding Technology

A framework-agnostic methodology for writing predictable, testable Java backend code optimized for human-AI collaboration. In industrial manufacturing, technology is the structured method of producing ...
Fox News

Most parked domains now push scams and malware

Typing a web address directly into your browser feels harmless. In fact, it feels normal. But new research shows that a simple habit is now one of the riskiest things you can do online. A recent study ...
Infosecurity-magazine.com

Malware Discovered in 19 Visual Studio Code Extensions

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...
Bleeping Computer

Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. OpenVSX and ...