Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
VnExpress International on MSN

How a self-taught Vietnamese high schooler built the malware that infected 94,000 computers worldwide

International cybersecurity firms had been tracking a sophisticated malware strain called PXA Stealers for months, tracing it ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
PCMag

The Power of Plain English: Build Professional Apps With Base44

With the arrival of the Base44 vibe-coding platform, natural language could be the new language of software development.
Security Boulevard

That “job brief” on Google Forms could infect your device

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain.
Security Boulevard

Fake Temu Coin airdrop uses ClickFix trick to install stealthy malware

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.
GitHub

qora-protocol/QORA-TTS-12Hz-0.6B

Pure Rust TTS engine with 9 built-in speakers. No Python, no CUDA, no external ML frameworks. Single executable + model weights = portable text-to-speech that runs on any machine.