Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...

Heroic former PC Gamer writer creates a script to banish all the AI features from Google Chrome

Wes has been covering games and hardware for more than 10 years, first at tech sites like The Wirecutter and Tested before joining the PC Gamer team in 2014. Wes plays a little bit of everything, but ...

New Android malware uses AI to click on hidden browser ads

A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact ...
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
The Hacker News

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ...
Polygon

Rainbow Six Siege hackers pull a Robin Hood, give players billions in in-game currency

Imagine booting up your favorite game and seeing an impossible number of credits under your account. We're talking "you could buy the entire storefront every day for years on end" type of money. Well, ...
Wired

The Worst Hacks of 2025

It was a strange year in cyberspace, as US president Donald Trump and his administration launched foreign policy initiatives and massive changes to the federal government that have had significant ...
Mashable

Ubisoft takes 'Rainbow Six Siege' offline after significant hack

Ubisoft shut down the servers for Tom Clancy's Rainbow Six Siege X for more than 24 hours after suffering a massive systems breach over the weekend. Hackers reportedly gained access to the ...