The Hacker News

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.
The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
The Register-Herald

Scripps National Spelling Bee guide: How to watch, who the notable spellers are, rules and prizes

The Scripps National Spelling Bee runs from Tuesday through Thursday the week. The bee began in 1925, with this year marking ...

In Her Own Words: Channon Kennedy had the tools to develop her tool company

Channon Kennedy, founder and CEO of The Morgan Square tool company, spent more than 26 years in commercial banking before a ...
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

Hardcoded machineKey values in a configuration file enabled ViewState deserialization attacks leading to remote code ...
CSO Online

TrapDoor malware campaign puts developer workstations in CISO spotlight

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.

Slutty Vegan founder claims $4 million debt in new bankruptcy filings

Slutty Vegan founder Pinky Cole filed amendments to her bankruptcy case, giving a more comprehensive look at who her ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
Cryptopolitan on MSN

North Korea’s Lazarus turns to fileless malware in new crypto attacks

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.

How the self-employed can stay on track for June 15 tax-filing

The June 15 deadline for self-employed workers to file their income tax returns is approaching, and some clients may need a ...
Decrypt

Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...