The Hacker News

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Morning Overview on MSN

Hackers poisoned the PyTorch Lightning AI package and it started stealing credentials the moment you imported it

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

Fake income tax emails target Indians: Kaspersky warns of ‘SilverFox’ hacker attack

Cybersecurity firm Kaspersky has warned Indian consumers about a sophisticated phishing campaign by the SilverFox hacker ...
Morning Overview on MSN

PyTorch Lightning versions 2.6.2 and 2.6.3 were compromised on April 30 — check your installs immediately

On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught ...
Dark Reading

Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia

More than 1,600 malicious messages from the China-backed APT group deliver the previously undocumented ABCDoor backdoor and ...
Unite.AI

1Password Review: Never Worry About Password Breaches Again

Be honest with me. How many of your passwords are still some version of your pet’s name followed by a number? Studies have shown that roughly 80% of data breaches involve weak or reused passwords.
The Hacker News

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...
Dark Reading

Physical Cargo Theft Gets a Boost From Cybercriminals

Supply chain theft is no longer just criminal groups operating locally, but transnational cybercriminal syndicates exploiting ...
PCMag UK

The Best Web Hosting Services for 2026

Selecting the right web host is essential for online success. The best web hosting services we've tested cater to a wide ...
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...