The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...
AARP

Medicare Names 15 New Drugs for Third Round of Cost-Cutting Price Negotiations

Lower prices from the third round of talks among Medicare and manufacturers will be announced in the fall but won’t go into ...

Hackers are using LLMs to build the next generation of phishing attacks

What if a phishing page was generated on the spot?
InfoWorld

OpenSilver 3.3 runs Blazor components inside XAML apps

New version of the open-source replacement for Microsoft Silverlight also brings support for .NET 10 and C# 14.
Security Boulevard

Detecting browser extensions for bot detection, lessons from LinkedIn and Castle

Modern bot detection rarely deals with obviously fake browsers. Most large-scale automation today runs inside browser ...
The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

GootLoader malware is abusing malformed ZIP archives that bypass common tools like WinRAR & deliver JavaScript payloads via ...
AARP

West Virginia Voters Want Lawmakers to Implement Better Protections Against Cryptocurrency Kiosk and Real Estate Fraud

An overwhelming majority of West Virginia registered voters support a range of protections against fraud and scams that use ...

Five moments in the Alex Pretti shooting that raise red flags for policing experts

Policing experts were unanimous in saying that the situation probably could have been avoided by employing basic policing tactics that prioritize public safety and communication.
CSO Online

AI-powered polymorphic attack lures victims to phishing webpages

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.
SecurityWeek

Chrome, Edge Extensions Caught Stealing ChatGPT Sessions

LayerX discovered 16 extensions in the Chrome Web Store and Microsoft Edge Add-ons marketplace that steal users’ ChatGPT ...
CSO Online

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...

New Android malware uses AI to click on hidden browser ads

A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact ...