The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Researchers uncover wormable XMRig campaign using BYOVD exploit and LLM-built React2Shell attacks hitting 90+ hosts.

Here is how Microsoft is improving PowerShell and Windows OpenSSH in 2026

Microsoft is gearing up for big PowerShell and Windows OpenSSH changes in 2026, but security will come before flashy new features.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
InfoWorld

WinterTC: Write once, run anywhere (for real this time)

The unified JavaScript runtime standard is an idea whose time has come. Here’s an inside look at the movement for server-side JavaScript interoperability.
Infosecurity Magazine

Fraud Investigation Reveals Sophisticated Python Malware

A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack ...
CSO Online

New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads

The Arkanix infostealer combines LLM-assisted development with a malware-as-a-service model, using dual language implementations to maximize reach and establish persistence.
InfoWorld

GlassFish 8 Java server boosts data access, concurrency

Update implements Jakarta EE 11 platform and brings support for Jakarta Data repositories and virtual threads.

Moderne adds Python support to its OpenRewrite code refactoring platform

According to Moderne, this extends OpenRewrite coverage from backend and frontend application code into the data and AI layer ...