The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

Mosyle identifies two new macOS threats invisible to antivirus engines

After exclusively sharing details with 9to5Mac last September on ModStealer, a cross-platform infostealer invisible to every major antivirus engine ...

Lazarus-linked macOS malware hits crypto and fintech firms

Lazarus Group is targeting fintech and crypto executives using macOS through a new malware kit delivered via social ...
Security Boulevard

Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer ...
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
CNET

Malware Is Scary. Here's CNET's Guide to Cleaning an Infected Laptop

Every data-stealing virus requires a unique approach, but these are the essential first steps for reclaiming an infected ...

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Hackers are abusing n8n workflows to deliver malware and evade detection, according to Cisco Talos, using trusted automation ...

Self-propagating malware poisons open source software and wipes Iran-based machines

A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before ...
Forbes

Malware 2.0: 7 Strategies To Outsmart A Smarter Adversary

Global cybercrime costs are expected to grow by 15 percent per year over the next five years—with malware and ransomware driving a significant portion. Malware has been part of the cybersecurity story ...
Fox News

Malware exposes 3.9 billion passwords in huge cybersecurity threat

We saw a rise in infostealer malware in 2024, with hackers using it to steal credentials, cryptocurrency and other personal data from millions of users. If you recall, I reported countless incidents ...
TweakTown

HWMonitor and CPU-Z download links were infected with malware for 6 hours before devs caught it

The devs were quick to remove the malware, as millions of users rely on these to track temperatures, voltages, fan speeds, ...

Sonatype Releases Q1 2026 Open Source Malware Index: Trust Abuse Most Successful Attack Vector

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...