Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers ...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
The Hacker News

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic, targeting Baota panels, Asian TLDs ...
GitHub

milisp/awesome-claude-dxt

mcp-linker - mcp manager, add & syncs MCP server configurations across clients like Claude, Cursor milisp/codexia - The missing GUI for the OpenAI Codex CLI, (FileTree + notepad + git diff) all in a ...
NPR

The Trump administration admits even more ways DOGE accessed sensitive personal data

For much of the last year, staffers who were initially part of the Department of Government Efficiency effort improperly accessed and shared sensitive personal data on millions of Americans. The Trump ...
CNBC

Trump calls for 'immediate negotiations' on Greenland, but rules out using force

President Donald Trump called for "immediate negotiations" with Denmark to "discuss the acquisition of Greenland by the United States." Trump also said for the first time that he would not use ...