The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
How-To Geek on MSN

Excel finally fixed its worst problems—but you're still using the old workarounds

Excel has quietly gained dynamic arrays, XLOOKUP, Power Query, and Python, yet many still work the old way.

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...

What to know about how a suspect in the killing of 2 Florida students used ChatGPT

Prosecutors have revealed that a suspect in the deaths of two University of South Florida students asked ChatGPT about body ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...