PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access.
ITWeb

Practical tech skills that actually boost employability in 2026

Employers increasingly prioritise experience, portfolios and applied skills over formal degrees alone, says Robin Ramokgadi, ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
The Hacker News

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.

Trigona ransomware attacks use custom exfiltration tool to steal data

Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised ...
The Hacker News

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

UNC6692 has been attributed to a large email campaign that's designed to overwhelm a target's inbox with a flood of spam ...

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Cybercriminals are tricking AI into leaking your data, executing code, and sending you to malicious sites. Here's how.
WeLiveSecurity

GopherWhisper: A burrow full of malware

ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian ...

AI Tools Are Helping Mediocre North Korean Hackers Steal Millions

One group of hackers used AI for everything from vibe coding their malware to creating fake company websites—and stole as ...