This weekly recap brings those stories together in one place. No overload, no noise. Read on to see what shaped the threat ...

Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...

AI-driven attacks leaked 23.77 million secrets in 2024, revealing that NIST, ISO, and CIS frameworks lack coverage for ...

China-linked Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted espionage attacks from 2022 to 2024.

High-severity CVE-2025-14847 allows unauthenticated attackers to read uninitialized heap memory in MongoDB due to a zlib ...

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...

Weekly roundup exploring how cyber threats, AI misuse, and digital deception are reshaping global security trends.

A new MacSync macOS stealer spreads via a signed, notarized fake installer, bypassing Apple Gatekeeper before Apple revoked ...

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites | Read more hacking news on The Hacker News ...

The US Justice Department seized a domain used to steal bank logins, causing $14.6 million in losses from 19 US victims.

Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.0–1.120.4 affected, ...