The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
NewsBytes

Google blocks 1st known AI driven attack on 2FA

Google's Threat Intelligence Group thwarted the first known AI-developed zero-day exploit targeting two-factor authentication, preventing a planned mass-scale cyberattack.

Google blocked the first known AI-powered attack on 2FA accounts; here is how hackers tried to break in, know how to stay safe

Foreign hackers attempted a novel AI-powered cyberattack targeting two-factor authentication using a zero-day exploit. Google's Threat Intelligence Group detected and thwarted this sophisticated plot, ...
Internet of People

TrapDoor attack targets crypto wallets, AWS keys and GitHub tokens

The malware spread through npm, PyPI, and Rust packages in coordinated waves. It steals crypto wallets, SSH keys, and cloud developer credentials. AI coding tools were also targeted through malicious ...

Hackers are learning to exploit chatbot ‘personalities’

A prominent exploit was “DAN,” short for “Do Anything Now,” where users asked ChatGPT to roleplay as a rogue AI that was free ...
The Hacker News

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent ...

Who is TeamPCP, the rising hacker group targeting open-source software and AI tools?

TeamPCP is an increasingly notorious group of cybercriminals that carry out software supply chain attacks, where hundreds of open-source tools are corrupted and victims extorted for profit.