The Hacker News

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...

Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware

Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing's AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware ...
CSO Online

New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads

The Arkanix infostealer combines LLM-assisted development with a malware-as-a-service model, using dual language implementations to maximize reach and establish persistence.
Bleeping Computer

Infostealer malware found stealing OpenClaw secrets for first time

With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens, ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
ZDNet

6 top free secure DNS services I trust - and why I always encrypt my web browsing

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
Hosted on MSN

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Lazarus Group evolving Operation Dream Job campaign to target Web3 developers New “Graphalgo” variant uses malicious dependencies in legitimate bare-bone projects on PyPI/npm ReversingLabs found ~200 ...

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.