SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

ChatGPT is getting a much-needed upgrade for managing your files

OpenAI is rolling out a new Library tab and Recent files menu in ChatGPT, making it easier to find, reuse, and work with files across conversations.
TidBITS

DarkSword Exploit Threatens iPhones Still Running iOS 18

Security researchers have discovered DarkSword, a sophisticated exploit chain targeting iOS 18.4 through 18.7.2. Unlike past spyware aimed at high-profile targets, DarkSword is being surreptitiously ...

Spotify seeks $300M from Anna’s Archive, which ignores all court proceedings

Spotify and major record labels are seeking a $322 million default judgment from Anna’s Archive, which hasn’t responded to ...
The Hacker News

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

GlassWorm uses Solana and Google Calendar dead drops to deliver RAT stealing browser data and crypto wallets, impacting ...
TidBITS

macOS 26.4’s Script Editor Won’t Open Some Older AppleScripts

After upgrading to macOS 26.4, some users found Script Editor refusing to open certain older AppleScripts—even though most of the scripts still ran fine from apps like BBEdit. Here’s how to fix ...

New Infinity Stealer malware grabs macOS data via ClickFix lures

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.

New Torg Grabber infostealer malware targets 728 crypto wallets

A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them ...