The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
theregister

Crime crew impersonates help desk, abuses Microsoft Teams to steal your data

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and helpdesk staff impersonation - is also using custom malware in its ...
Security Boulevard

SAML vs OIDC vs OAuth: The 60-Second B2B Playbook

TL;DR (read this first): OAuth 2.0 is authorization (a valet key for APIs). OIDC is authentication built on top of OAuth 2.0 (modern login for web, mobile, and SPAs). SAML 2.0 is a separate, XML-based ...
Bleeping Computer

New Infinity Stealer malware grabs macOS data via ClickFix lures

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. The attack uses the ClickFix ...
SecurityWeek

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

macOS users are targeted in a fresh ClickFix campaign that uses a Cloudflare-themed verification page to deliver a Python-based information stealer, Malwarebytes reports. The attack starts with a fake ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

On March 19, 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have been compromised in a sophisticated CI/CD-focused supply chain attack. Threat actors ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity ...
Infosecurity-magazine.com

VVS Stealer Uses Advanced Obfuscation to Target Discord Users

A Python-based malware family known as VVS stealer has been observed using advanced obfuscation and stealth techniques to target Discord users and extract sensitive ...
The Hacker News

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named ...
GitHub

Teradata SQL Driver for Python

This package enables Python applications to connect to the Teradata Database. This package implements the PEP-249 Python Database API Specification 2.0. This package requires 64-bit Python 3.7 or ...
Bleeping Computer

Critical Docker Desktop flaw lets attackers hijack Windows hosts

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. The ...