The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
NewsBytes

Google blocks 1st known AI driven attack on 2FA

Google's Threat Intelligence Group thwarted the first known AI-developed zero-day exploit targeting two-factor authentication, preventing a planned mass-scale cyberattack.
InfoWorld

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

‘TrapDoor’ malware targets crypto dev tools in supply chain attack

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

Megalodon cyberattack infects 5,500 GitHub open-source repositories with malware, researchers say

Security researchers say 5,500 GitHub repositories have been affected by the attack.
The Hacker News

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.
Decrypt

Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

Who is TeamPCP, the rising hacker group targeting open-source software and AI tools?

TeamPCP is an increasingly notorious group of cybercriminals that carry out software supply chain attacks, where hundreds of ...