The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
LGBTQ Nation on MSN

“Heated Rivalry” downloads surge by 529% after NYC Mayor Mamdani told people to read it

People are even signing up for public library cards in droves to get a chance to read this book.

Australia has banned social media for kids under 16. How does it work?

Australia's government said the ban would reduce the negative impact of social media's "design features that encourage [young ...

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
Cyber Daily

Taking more than just a pen: Rise in data theft from outgoing employees calls for strengthened security

Leaving a job might see a cardboard box being filled with picture frames and notebooks, but what is increasingly leaving with ...
MIT Technology Review

The Download: A bid to treat blindness, and bridging the internet divide

This is today's edition of The Download, our weekday newsletter that provides a daily dose of what's going on in the world of technology.
The Hacker News

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google confirms nation-state and cybercrime groups exploit a patched WinRAR flaw to gain persistence and deploy malware via ...