New PCPJack worm steals credentials, cleans TeamPCP infections

A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Elektor Magazine

Secure Communication with RSA and AES: Encrypted Messaging on the Raspberry Pi 5

This article presents a practical implementation of encrypted message exchange between two Raspberry Pi devices using a ...

Linux cryptographic code flaw offers fast route to root

The newly disclosed LPE, dubbed Copy Fail (CVE-2026-31431), comes from a vulnerability in the Linux kernel's authencesn ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Another npm supply chain worm is tearing through dev environments

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...