The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
Forbes

Instagram Password Reset Attacks — What You Need To Know And Do Now

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This surprise Instagram message could signal an attack attempt ...
AOL

Instagram password reset attacks — What you need to check right now

Instagram users worldwide are receiving unexpected password reset emails, and they should be cautious before clicking or responding, as cybercriminals may be exploiting the platform’s user base ...

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
Burlington Post

Did you get a random Instagram password reset email? How to check if security alerts are legit

If you are one of thousands of Canadians who received Instagram reset emails this past weekend, here’s why Meta says you shouldn’t click on the link. Plus, what you can do to check if the reset emails ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...