The Hacker News

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Worm-driven TeamPCP campaign exploits Docker, Kubernetes, Redis, Ray, and React2Shell to build proxy infrastructure for data theft and ransomware.
CSO Online

Software developers: Prime cyber targets and a rising risk vector for CISOs

From technical compromise to AI-driven attacks, cyber criminals increasingly see software developers as prime targets, creating systemic risks CISOs must address.
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

How recruitment fraud turned cloud IAM into a $2 billion attack surface

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI ...
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
Microsoft

Infostealers without borders: macOS, Python stealers, and platform abuse

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...

AI framework flaws put enterprise clouds at risk of takeover

Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data or even full takeover, according to ...
GameSpot

Marvel Rivals Developer Is Preparing To Crack Down On This New Exploit

GameSpot may get a commission from retail offers. Marvel Rivals introduced an upgrade to its hero proficiency system last week, allowing players to earn new rewards. Many of these rewards--including ...
Ars Technica

A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a legitimate URL. The hackers in this case were white ...
Bleeping Computer

Cisco warns of Identity Service Engine flaw with exploit code

Cisco has patched a vulnerability in its Identity Services Engine (ISE) network access control solution, with public proof-of-concept exploit code, that can be abused by attackers with admin ...
PC Gamer

Action RPG players will exploit anything in the name of efficiency, which is why Path of Exile 2 players are locking themselves in the campaign for profit

Third Person Shooter I wish I wasn't missing out on new quests in Arc Raiders just because I'm not willing to grind the old ones every two months Third Person Shooter There's a huge Arc Raiders ...
IGN

See you on the Playground.

Microsoft has confirmed plans for a significant Xbox Developer Direct showcase in January 2026 after a relatively quiet The Game Awards. While Microsoft-owned Blizzard announced the next Diablo 4 ...