The Hacker News

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Ten typosquatted npm packages (Jul 4, 2025) delivered a 24MB PyInstaller info stealer using 4 obfuscation layers; ~9,900 ...
The Hacker News

China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats

Cybersecurity, Cyber Espionage, Malware, PlugX, Data Breach, Vulnerability, Phishing, European Union, Threat Intelligence ...

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 ...

Hackers steal Discord accounts with RedTiger-based infostealer

Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and ...
CSO Online

Typo hackers sneak cross-platform credential stealer into 10 npm packages

The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...

Daily Search Forum Recap: October 30, 2025

Here is a recap of what happened in the search forums today, through the eyes of the Search Engine Roundtable and other search forums on the web. Google and Microsoft announced earnings and they both ...
Developer Tech

Malware campaign on npm steals AWS, GCP, and Azure cloud keys

An advanced malware campaign on the npm registry steals the very keys that control enterprise cloud infrastructure.