The Hacker News

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

SmartLoader campaign spreading StealC via a trojanized Oura MCP server using fake GitHub forks to steal credentials and crypto funds.

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
Scientific American

How ‘effectively zero-knowledge’ proofs could transform cryptography

In mathematics, proofs can be written down and shared. In cryptography, when people are trying to avoid revealing their ...
Decrypt

Crypto Flows to Suspected Human Trafficking Services Jump 85% in 2025: Chainalysis

Suspected trafficking-related crypto flows reached hundreds of millions, Chainalysis reported, with one CSAM site topping ...
The Hacker News

npm’s Update to Harden Their Supply Chain, and Points to Consider

First, people need to remember that the original attack on tools like ChalkJS was a successful MFA phishing attempt on npm’s ...

Claude LLM artifacts abused to push Mac infostealers in ClickFix attack

Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries.

How to write Linux bash scripts on your Android - and why you'd want to

Enable the Linux terminal on any Android device, and you can create or practice your bash scripting on the go.