The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News

An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
WeLiveSecurity

EvilTokens: A phishing attack that doesn’t steal your password

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...
GamingOnLinux

The Arch Linux AUR had over 400 packages compromised with malware

Looks like the Arch Linux AUR (Arch User Repository) needs some better security and package checks - as some malicious users ...
The Hacker News

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

Sygnia says Velvet Ant modified Linux PAM and OpenSSH components to steal credentials and maintain stealthy access since 2016 ...
GitHub

lenucksi/aur-malware-check

Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR). This is a collection of all the scattered resources, especially the ones in the detection ...
GitHub

Sehab121/awesome-openclaw-skills-CN

create-agent-skills - Guide for creating effective skills. cto-advisor - Technical leadership guidance for engineering teams cursor-agent - A comprehensive skill for using the Cursor CLI agent ...