The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
Dark Reading

Vidar Rises to Top of Chaotic Infostealer Market

In a 43-page report, Intrinsec described Vidar as the most used infostealer on Russian Market, a cybercrime marketplace, ...
CSO Online

Stopping AiTM attacks: The defenses that actually work after authentication succeeds

AiTM attacks don't steal passwords; they copy the result of a real login. You need to watch what happens after the user logs ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
The Hacker News

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
webtv.un.org

Commission on Population and Development, fifty-ninth session (2026)

*In accordance with Economic and Social Council decision 2005/213, the Commission, immediately following the closure of its fifty-eighth session, will hold the first meeting of its fifty-ninth session ...