JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...

7 Days: JDownloader got hacked, Chrome downloading 4GB file, and Steam Controller sold out7 Days: JDownloader got hacked, Chrome downloading 4GB file, and Steam Controller sold ...

Our '7 Days' weekly tech roundup brings the juiciest announcements. Read about Edge browser handling passwords in plaintext, JDownloader getting hacked, and the TAB key.

SilverFox targets users in India with fake IT department phishing attacks

Cybersecurity firm Kaspersky attributed a global wave of phishing attacks to the SilverFox threat group masquerading as tax ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Visual Studio Magazine

VS Code Preview: Python in the Browser, Executed by WebAssembly

In the December update to Python in Visual Studio Code, developers can experiment with a new preview feature that lets them run and debug Python code in the browser. What's more, developers have to ...
The Hacker News

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

PCPJack steals credentials via 6 Python modules exploiting 5 CVEs, enabling cloud spread and fraud-driven attacks.
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

I tested whether Gemini, ChatGPT, and Claude can analyze videos - this one wins

Can AI really watch video, or does it just fake it? I tested my favorite AI tools on YouTube clips and local files to find ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
Security Boulevard

Capsule Security Analysis Details Scope of Vulnerable AI Agent Attack Surface

Report reveals alarming security gaps in AI agents. Capsule Security analysis finds 402,599 unique AI agent hosts are reachable from the public internet. Worse, most are deployed without default ...

Fake Windows update installs hidden malware

Scammers built a convincing fake Windows update site that installs password-stealing malware. Learn how the multi-stage attack works and how to stay safe.
WeLiveSecurity

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...