The Hacker News

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

Belarus-aligned FrostyNeighbor attacks Ukrainian government, again — ESET Research discovers

FrostyNeighbor, a long-running cyberespionage actor apparently aligned with the interests of Belarus, has been active recently in campaigns ...

Iraqi man charged in NYC synagogue plot after attacks in Canada and Europe

Mohammad Baqer Saad Dawood Al-Saadi is also accused in an attacks on a synagogue and the U.S. consulate in Toronto ...
EconoTimes

OpenAI Finds No Evidence of User Data Breach in TanStack npm Supply-Chain Attack

OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...
Dark Reading

'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine

A known Belarussian cyber-espionage group is back with a threat campaign against targets in Eastern Europe that uses spear-phishing to deliver malicious payloads to Eastern European government and ...

Business Journal editor talks heart attack, history and the Hutt

The editor ignored symptoms at first, then remembered his father's fatal heart attack 31 years earlier. A cardiologist called ...

Tree of Life moves forward with construction on redesigned campus after 2018 attack

The interior has been largely demolished, but the original sanctuary walls will be preserved. Construction crews are ...

Microsoft backpedals: Edge to stop loading passwords into memory

Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at ...