The Hacker News

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

PCPJack steals credentials via 6 Python modules exploiting 5 CVEs, enabling cloud spread and fraud-driven attacks.

Elite corporate lawyers accused of earning millions on insider trading, using bizarre code like, ‘How’s the rabbi?’

A ring of elite corporate lawyers were accused of illegally trading on inside info about blockbuster deals over a decade, ...

How to Install OpenAI Codex on Windows with Security Measures

Learn how to install OpenAI Codex on Windows, with essential security measures to protect your API keys, system, and ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Microsoft

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of ...

'PCPJack' cloud worm hijacks TeamPCP hacker infrastructure

Named PCPJack, the framework was discovered on April 28 by a hunting rule on Google's VirusTotal malware scanning service ...
The Hacker News

âš¡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...
CSO Online

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

A previously undocumented .NET trojan and its companion Pheno plugin allow attackers to capture mobile authentication codes ...
eWeek

GM Swaps Google Assistant for Gemini in 4M Cars

General Motors is rolling out Google's Gemini AI assistant to about 4 million 2022-and-newer Cadillac, Chevrolet, Buick, and ...

U.S. government warns of severe CopyFail bug affecting major versions of Linux

U.S. cybersecurity agency CISA says the CopyFail bug is being actively used in hacking campaigns, and poses a major risk to servers and datacenters that rely on Linux.
WeLiveSecurity

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...

OpenAI Brings GPT-5.5 To AWS Bedrock As Microsoft Exclusive Era Ends

OpenAI Goes Live On AWS Bedrock As Microsoft Exclusivity Officially Ends. It took less than 24 hours to get on AWS.