The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

How to keep your PC encryption key safe - from Microsoft and the FBI

How to keep your PC encryption key safe - from Microsoft and the FBI ...
Microsoft

Case study: Securing AI application supply chains

This case study examines how vulnerabilities in AI frameworks and orchestration layers can introduce supply chain risk. Using ...

From Cipher to Fear: The psychology behind modern ransomware extortion

Modern ransomware has shifted from encryption to psychological extortion that exploits fear, liability, and exposure. Flare ...

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.