The Hacker News

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...
Nation

How Kenyan girls are shaping the future of ICT

The 21-year-old is the Country Lead for Girls in Robotics Kenya Chapter and co-founder of Space Shift, mentorship roles she ...
Security Boulevard

Vercel Breach: How a Roblox Cheat Download Led to a $2M Data Heist Through AI Tool OAuth Abuse

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...

Hackers accessed personal information for up to 70,000 people in Canada Life data breach

One of Canada’s largest life and health insurers says a recent data breach has exposed the personal information of up to ...
The Hacker News

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.
Computing

Vercel breach linked to third-party tool as hackers claim data theft

Cloud development platform Vercel has confirmed it suffered a security breach, after a threat actor claimed to be selling ...

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware. Users urged to update now.

Canadian companies need access to Anthropic’s Mythos before hackers arrive

Canadian companies, backed by the Bank of Canada and federal regulators, should be pounding the table for the same access to ...
SecurityWeek

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI is one of many organizations affected by the recent Axios supply chain attack attributed to North Korean hackers.
TechCrunch

North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making

A North Korean cyberattack that last Monday briefly hijacked one of the most widely used open source projects on the web took weeks to carry out as part of a long-running campaign to target the code’s ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...