Hackaday

This Week In Security: Flatpak Fixes, Android Malware, And SCADA Was IOT Before IOT Was Cool

Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.

CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads

Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve ...
Infosecurity Magazine

Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group

A spear-phishing campaign which spread across the Middle East between 2023 and 2024 has now been linked to Bitter APT group ...

A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data

A hacker has allegedly stolen a massive trove of sensitive data – including highly classified defense documents and missile ...

Anthropic’s latest AI model could let hackers carry out attacks faster than ever. It wants companies to put up defenses first

Anthropic will make its new AI model available to some of the world’s biggest cybersecurity and software firms in an effort ...
The Hacker News

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

M stolen after six-month DPRK social engineering campaign began fall 2025, exposing Drift’s contributors and cloud assets.
Cybernews

Mercor confirms cyberattack as hackers claim 4TB of critical data in possession

AI recruiting startup Mercor confirms supply chain attack via LiteLLM library compromise. Hackers claim 4TB of data including ...
SecurityWeek

TeamPCP Moves From OSS to AWS Environments

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...
SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...
Cybernews

Code trust crisis: Is it safe to update your system during an active supply chain attack?

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

Major compromise of the telnyx PyPI library could put millions of users at risk

TeamPCP strikes again, with almost identical code to LiteLLM.
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...