The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

LastPass Issues Critical Warning For Users — Password Attacks Underway

The password attacks started on January 19, according to LastPass, which has now issued a critical warning to all users — ...

149 Million Usernames and Passwords Exposed by Unsecured Database

This “dream wish list for criminals” includes millions of Gmail, Facebook, banking logins, and more. The researcher who ...
Decrypt

North Korea–Linked Hackers Use Deepfake Video Calls to Target Crypto Workers

Hackers are using AI-generated video calls to impersonate trusted contacts and trick crypto workers into installing malware.
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...
PCMag

Database Containing 149M Stolen Passwords From Gmail, Instagram, More Exposes Malware's Reach

A security researcher uncovered an exposed online database that was stockpiling user information likely collected via malware ...