The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
The Hacker News

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...
Decrypt

Fake OpenAI Repo Hit #1 on Hugging Face—And Stole Passwords While It Trended

A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...
Dark Reading

Cyber Espionage Group Targets Aviation Firms to Steal Map Data

The attacks compromise aerospace and drone firms' systems to exfiltrate GIS files, terrain models, and GPS data to gain a clear picture of analysts' intel.

'ClickFix' attack tricks users into hacking themselves, ACSC warns

ClickFix relies on tricking users into essentially hacking themselves by running commands that compromise their computers. In ...
MUO on MSN

6 Obsidian plugins that made me never look at another note-taking app again

Obsidian is good on its own, but these plugins made it even better for me.
theregister

GNOME may rule Ubuntu Resolute Raccoon, but X.org isn't roadkill yet

FEATURE: Ubuntu doesn't just mean GNOME – or Wayland. Alongside the default edition of Ubuntu 26.04 last week, editions with ...
Visual Studio Magazine

Use JavaScript Code from One File in Another File with IntelliSense

If you have a JavaScript (*.js) file containing code, it's not unusual for your code to reference code held in another JavaScript file. If you're using more recent versions of Visual Studio, you'll ...

Chrome downloads a 4GB AI file without user consent, researcher alleges

If you've paid any attention to Google lately, you know that it wants us using its AI tools. So much so that Chrome ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

Chrome silently downloads a 4GB AI model. Here’s how to remove it

You can nix Chrome's 4GB local AI model in just a few clicks, but you'll lose some functionality in the process.