Storm-2561 is relying on SEO poisoning to distribute fake VPN clients that install trojans and steal users’ credentials.

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more.

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

New hacking cluster exploits web servers and Mimikatz to infiltrate Asian infrastructure for long-term espionage in aviation, ...

Within hours of US and Israeli strikes hitting Iran on Feb 28, over 50 hacktivist groups aligned with Iranian interests had activated on Te.

Why Passwords Are Still a Developer's Problem in 2026. The case against password-based authentication is well-established in the IAM community, but the practical implications for ...

BlackBox AI, a popular VS Code coding assistant, has a critical indirect prompt injection vulnerability. Hackers can exploit this to gain remote root access to a user’s computer.

Iran-linked MuddyWater hackers breached U.S. networks with new Dindoor malware as regional cyber attacks escalate amid Middle East conflict.

Meta is rolling out a dedicated shopping research mode inside its Meta AI web chatbot for a slice of US desktop users. Search ...

It’s no secret that AI models have come a long way, from tools that can complete high school students’ homework to “vibe coding” assistants that can build entire apps in a fraction of the time it ...

Jake Peterson is Lifehacker’s Tech Editor, and has been covering tech news and how-tos for nearly a decade. His team covers all things technology, including AI, smartphones, computers, game consoles, ...