CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
来自MSN

White House app found with hidden GPS tracking, weak security

A security researcher’s decompilation of the White House’s official mobile app uncovered hidden GPS tracking, insecure code practices, and risky third‑party dependencies. The app transmits location ...
Morning Overview on MSN

Malicious open-source packages surge 73% in 2026 as threat actors weaponize the software ...

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Gizmodo

Source Code for Anthropic’s Claude Code Leaks at the Exact Wrong Time

Anthropic just cannot keep a lid on its business. After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and blog posts in a publicly ...
Beebom

Roblox Squid Game X Codes (February 2026)

Anyone who has watched Squid Game knows the intense pressure to survive in the game show. And while you can’t get that in real life (and I hope you don’t), the new Squid Game X on Roblox gets you ...
blockchain

Reverse Engineering Obfuscated Code: @alice_und_bob Details Practical Methods for Interface ...

According to @alice_und_bob, the workflow to get an opaque system working included buying books, asking an uncle, throwing function calls at obscure interface definitions until they worked, studying ...
adtmag.com

Mojang Studios to Remove Code Obfuscation from Minecraft Java Edition

Mojang Studios announced Tuesday it will eliminate code obfuscation in Minecraft: Java Edition, marking a significant shift in how the company distributes the game to its modding community. The change ...
winbuzzer.com

Minecraft to Remove Code Obfuscation, Boosting Its Massive Modding Community

Mojang is making a major change for its massive modding community. On October 29, the developer announced it will stop scrambling, or obfuscating, the code for Minecraft: Java Edition. For over 15 ...
barrie360

(Updated) Ford government obfuscated Greenbelt records through code words: commissioner

Ontario Premier Doug Ford's government broke its legal, record-keeping obligations amid its now-reversed decision to open up parts of the protected Greenbelt lands for housing, the province's ...
Cyber Wire

Hijacking wallets with malicious patches.

Lucija Valentic: This malicious npm package puts malicious payload inside other locally installed software, Atomic Wallet and Exodus, in this case, so malicious payload is still there. That means once ...