Dark Reading

UNC6692 Combines Social Engineering, Malware, Cloud Abuse

A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...
How-To Geek on MSN

The tiny open-source apps that somehow became essential (and you've probably never heard of them)

Stop using bloated tools—these 5 tiny open-source apps quietly solve problems nobody else bothers to fix and do more with ...
The Hacker News

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

DEEP#DOOR embeds a Python RAT in a dropper script, using bore[.]pub C2 to steal credentials and evade Windows defenses, ...
OS X Daily

How to Find Compromised & Reused Passwords on iPhone, iPad, and Mac

The Passwords app, Apple’s built-in password manager for Mac, iPhone, and iPad, not only stores your logins and passwords for ...

Passkeys Are the New Passwords. You Should Start Using Them Now.

Two-factor authentication was the next bandage on the gaping wound of passwords. With 2FA protecting you, an attacker could ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

The most severe Linux threat to surface in years catches the world flat-footed

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of ...
Hosted on MSN

PyTorch Lightning breach and Apple iOS patch highlight urgent security risks

On April 30, 2026, malicious code was discovered in PyTorch Lightning versions 2.6.2 and 2.6.3, stealing credentials during installation and potentially enabling further supply chain attacks. The same ...

New Linux ‘Copy Fail’ flaw gives hackers root on major distros

An exploit has been published for a local privilege escalation vulnerability dubbed "Copy Fail" that impacts Linux kernels ...
Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...