LastPass Issues Critical Warning For Users — Password Attacks Underway

The password attacks started on January 19, according to LastPass, which has now issued a critical warning to all users — ...
The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

149 Million Usernames and Passwords Exposed by Unsecured Database

This “dream wish list for criminals” includes millions of Gmail, Facebook, banking logins, and more. The researcher who ...
Decrypt

North Korea–Linked Hackers Use Deepfake Video Calls to Target Crypto Workers

Hackers are using AI-generated video calls to impersonate trusted contacts and trick crypto workers into installing malware.
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

ShinyHunters claim hacks of Okta, Microsoft SSO accounts for data theft

The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) ...
Cryptopolitan on MSN

Hackers hijack Snap Store accounts to steal crypto from Linux users

Linux users face a new threat as cybercriminals exploit a critical vulnerability in Canonical’s Snap Store, hijacking trusted ...
PCMag

Database Containing 149M Stolen Passwords From Gmail, Instagram, More Exposes Malware's Reach

A security researcher uncovered an exposed online database that was stockpiling user information likely collected via malware ...