The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Windows 11 can still run the PC games you grew up with. Here’s how

Do you still have old applications or games that are no longer supported by current Windows PCs? We'll tell you how to get ...

You Might Have Fallen For This CAPTCHA Scam Without Realizing — Here's What To Do Now

Security experts reveal how easy it is to get fooled by this scam and what to do if you think you've been targeted.
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...
Microsoft

ClickFix campaign uses fake macOS utilities lures to deliver infostealers

Threat actors are targeting macOS users with fake utility fixes that trick them into running malicious Terminal commands.
Bitdefender

ClickFix Campaign Uses Compromised WordPress Sites to Spread Vidar Stealer in Australia

Cybercriminals are increasingly relying on social engineering instead of traditional exploits, and Australian authorities are ...

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
Digital Trends

Do not fall for this fake Windows update support site. It’s spreading a password-stealing malware

If a website tells you to manually install a “Windows update” from a big blue download button, close that tab immediately. Malwarebytes has just spotted a fake Microsoft support website ...
Arabian Post

Fake meetings fuel crypto malware raids

A fake video meeting can now be enough to breach a Web3 company, with North Korea-linked BlueNoroff hackers using bogus Zoom calls, clipboard tricks and fileless PowerShell malware to steal ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...