The Hacker News

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching ...
The Caledonian-Record

Enveric Biosciences Expands IP Portfolio with New U.S. Patent Issued for Methods of Treating Psychiatric Disorders

Enveric Biosciences (NASDAQ: ENVB) (“Enveric” or the “Company”), a biotechnology company advancing novel neuroplastogenic small-molecule therapeutics to address psychiatric and neurological disorders, ...

Google accidentally published a four-year-old Chromium security bug, then tried to hide it again

Google recently published – and then quickly hid – a potentially dangerous bug found in the Chromium web browser. The ...

Belarus-aligned FrostyNeighbor attacks Ukrainian government, again — ESET Research discovers

FrostyNeighbor, a long-running cyberespionage actor apparently aligned with the interests of Belarus, has been active recently in campaigns ...
Dark Reading

'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine

A known Belarussian cyber-espionage group is back with a threat campaign against targets in Eastern Europe that uses spear-phishing to deliver malicious payloads to Eastern European government and ...
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
Hosted on MSN

iOS 26 and Edge 146 Power Users Lock Down Their Privacy

In 2026, the battle for digital privacy has moved from a niche concern to a daily necessity. Apple’s iOS 26 has hardened App Tracking Transparency with new developer constraints, while Microsoft Edge ...

PCI DSS Compliance

Data Security Standard (DSS), issued by the PCI Security Standards Council (SSC), which establishes technical and operational requirements to protect cardholder data and promote consistent security ...
Security Boulevard

Hidden Risks Behind HTTP Request Smuggling

Web applications rely on multiple layers of infrastructure to process user requests efficiently. Load balancers, reverse proxies, caching servers, and application servers all work together to improve ...
Tom's Hardware on MSN

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials

Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link ...