The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

動画ダウンローダー「yt-dlp」でBunが非推奨化される、BunのAIコーディング偏重にリスクありとの判断

動画ダウンロードツールの「yt-dlp」でYouTubeの動画をダウンロードする場合は、「Deno」や「QuickJS」などのJavaScriptランタイムを導入することが強く推奨されています。これまでは「Bun」もサポート対象だったのですが、2026年5月21日にBunを非推奨とすることが発表されました。
Arabian Post

InvisibleFerret shift raises developer risks

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

Toronto City Council votes against Billy Bishop Airport referendum motion

Toronto City Council has voted against a motion asking Ontario to hold a referendum to measure support for the proposed ...
Tech Times

Streambert Streams Free Movies Via Russia-Linked VidSrc Domains: Hollywood Coalition ...

A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...
Hackaday

This Week In Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, And ...

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...

All bets are off

Regulators face a tough balancing act as Canadians covet the controversial trades that have taken the U.S. by storm ...