Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, ...

Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware ...
The Hacker News

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

NGate abuses HandyPay in Brazil since Nov 2025, stealing NFC data and PINs to enable ATM fraud and unauthorized payments.

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.