The Hacker News

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

M stolen after six-month DPRK social engineering campaign began fall 2025, exposing Drift’s contributors and cloud assets.
SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

‘Hack Yourself’ Apple Attack Steals Mac Passwords

A newly discovered attack sandbags Apple users into hacking themselves. Here’s what all Mac users need to know.

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

Uh Oh—New ‘Hack Yourself’ Apple Mac Attack Can Steal Your Passwords

A newly discovered attack sandbags Apple users into hacking themselves. Here’s what all Mac users need to know.
SecurityWeek

TeamPCP Moves From OSS to AWS Environments

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

How I used Gemini to replace YouTube's missing comment alerts - in under an hour

How I used Gemini to replace YouTube's missing comment alerts - in under an hour ...
Dark Reading

Wartime Usage of Compromised IP Cameras Highlight Their Danger

Russia, Iran, Israel, Ukraine, and the US have all exploited IP-connected cameras to 'see' monitor adversaries, and private ...
Hackaday

Turning A Bluetooth Caliper Into A FreeCAD Input Device

It’s a common ritual: whipping out those calipers or similar measuring devices to measure part of a physical object that ...

TeamPCP deploys Iran-targeted wiper in Kubernetes attacks

The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects ...