The Hacker News

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

Researchers detail REF8372, a malvertising campaign using fake Node.js ads, Storj-hosted payloads, and OXLOADER to deploy ...

Microsoft warns users of 'Crypto Clipper' malware spread via USB drives

Microsoft Threat Intelligence is warning Windows users about a cryptocurrency clipper strain of malware transmitted via USB drives. The malware, which has been affecting users since February, steals ...
Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Hosted on MSN

Node-IPC supply chain attack targets crypto devs

Three poisoned versions of node-ipc went live on the npm registry on May 14, according to SlowMist. Attackers hijacked a dormant maintainer account and pushed code designed to siphon developer ...
Milwaukee Journal Sentinel

DNR backup diesel generator review for AI data center sparks criticism

Neighbors of Port Washington's $15 billion AI data center and advocacy groups are voicing public health and environmental concerns about plans for backup diesel generators at the site under review by ...
CSOonline

North Korean fake IT worker tradecraft exposed

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies into hiring North Koreans. Research from GitLab has exposed the latest ...
Business Wire

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery

ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...
LinkedIn

Enabling Code Obfuscation in Expo React Native: R8 Shrinking & Obfuscation

No one can ignore it — Expo is now the first choice for React Native projects. With its managed workflow, config plugins, and seamless developer experience, more teams are adopting Expo for production ...
Infosecurity-magazine.com

New BeaverTail Malware Variant Linked to Lazarus Group

A newly observed variant of the BeaverTail malware has been tied to hackers associated with North Korea. The findings come from Darktrace’s latest The State of Cybersecurity report, which links ...