The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
Hackaday

Hackaday Podcast Episode 355: Person Detectors, Walkie Talkies, Open Smartphones, And A WiFi Traffic Light

Another chilly evening in Western Europe, as Elliot Williams is joined this week by Jenny List to chew the fat over the ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...
Dark Reading

Chinese APTs Hacking Asian Orgs With High-End Malware

Advanced persistent threat (APT) groups have deployed new tools against a variety of targets, highlighting the increasing ...

Act Now—48 Million Gmail Usernames And Passwords Leaked Online

Are your Gmail login credentials amongst the 48 million estimated as exposed in this leak of existing infostealer logs — here's what you need to know.

Panera Bread breach: ShinyHunters claims hack of 14 million customers' data

Should we trust companies with our private data? It's a question some shoppers are asking following high-profile customer data breaches.

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
PCMag on MSN

Proton Pass

Sleek and easy-to-navigate free password management apps for Android and iOS ...

Initial access hackers switch to Tsundere Bot for ransomware attacks

A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access ...