Hackaday

This Week In Security: Flatpak Fixes, Android Malware, And SCADA Was IOT Before IOT Was Cool

Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.
Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

ChromeOS Flex gets a $3 USB installer to revive aging Windows PCs

Google has partnered with Back Market, a company specializing in refurbished tech products, to bring ChromeOS Flex to even ...

Google Introduces $3 ChromeOS Flex Kit for 500M Windows 10 Users

Google and Back Market’s $3 ChromeOS Flex USB Kit offers Windows 10 users a low-cost way to revive older PCs as support winds ...

Why Running Google’s Gemma 4 Locally Is Easier Than You Think

Gemma 4 setup for beginners: download and run Google’s Apache 2.0 open model locally with Ollama on Windows, macOS, or Linux via terminal commands.
PCMag

Windows Secure Boot Certificates Expire in June. How to Verify Your PC Is Updated

Microsoft is also updating the Windows Security app with a status indicator that will let users know whether their Windows 10 ...
MUO on MSN

Windows app development is broken and it's affecting every program you use

Thirty years of bad decisions finally caught up with your Task Manager ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
Microsoft

WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...
PCMag

Hacker Tries to Spread Malware to Millions by Hitting 'Axios NPM' Software

Axios functions as pre-built software that a developer can easily incorporate into a JavaScript project. However, a hacker ...

Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...
Cybernews

Code trust crisis: Is it safe to update your system during an active supply chain attack?

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...