The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...
MUO on MSN

I've tried every Windows launcher — and this is the first one that actually changed how I use my PC

I’ve used plenty, but this one rewired my daily workflow.
Hackaday

Reverse-Engineering The Holy Stone H120D Drone

There are plenty of drones (and other gadgets) you can buy online that use proprietary control protocols. Of course, ...

New Infinity Stealer malware grabs macOS data via ClickFix lures

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Microsoft

WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...
WESH

Troopers looking for person who caused crash that left 3 dead in I-4 hit-and-run

THERE. HAPPENING RIGHT NOW, STATE TROOPERS ARE SCOURING THE AREA LOOKING FOR A PERSON WHO DROVE OFF FROM A CRASH THAT KILLED THREE PEOPLE. HERE’S WHERE IT HAPPENED ALONG I-4 IN VOLUSIA COUNTY. WESH ...

Banned in Its Own Country and Filmed in Secret, the Best Thriller of 2024 Is Finally on Streaming

Iranian filmmaker Mohammad Rasoulof was targeted by the government prior to the premiere of his film The Seed of the Sacred Fig.