The Hacker News

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?
XDA Developers on MSN

I've been vibe-coding my own Chrome extensions, and I can't stop

More fun than it should be, honestly.
Cybernews

Threat actors linked to Russia target Ukrainian entities with new backdoor

The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear, a group tracked by Microsoft as Void Blizzard.
9to5Google

Your favorite image-saving Chrome extension was scraping your data for cash

Seemingly out of nowhere, the “Save image as Type” Chrome extension was marked for removal, with Google warning users ...

Popular Chrome extension "Save Image as Type" was hijacked, impacting over 1 million users

Google delisted the image conversion tool earlier this month, but not before it had likely been modifying thousands of users' ...

This popular image-saving Chrome extension was just flagged as malware

Honey-like affiliate hijack in question ...
Nature

Submission guidelines

For a definitive list of which limits are mandatory please visit the submission checklist page. We allow the use of up to 6 keywords/key phrases that can be used for indexing purposes. These should ...