TechSpot

Hackers are using fake coding jobs to spread malware through GitHub

Cutting corners: The code looked harmless. A GitHub repository, a small freelance task, and a standard request sent over LinkedIn to a blockchain engineer: run this snippet, fix a few bugs, get paid.
PC Magazine

Malware Is Sleeping on the Blockchain, and It's Already Infected Dozens of Global Targets

It started with a work offer. Last year, the blockchain crime-detection firm Crystal Intelligence’s then-vice president of engineering received a LinkedIn message from a man asking if he would be up ...
FierceBiotech

Earendil pens $885M pact to use WuXi XDC's linker tech for next-gen ADCs

Artificial intelligence research biotech Earendil Labs has penned an $885 million deal to use WuXi XDC’s linker-payload technology to create next-gen antibody-drug conjugates. WuXi XDC spun off from ...
Bleeping Computer

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. ClickFix attacks ...
IEEE

Lightweight and High-Payload Robotic Gripper Using Shape-Memory-Alloy Actuator and Self-Locking Mechanism

Abstract: This study proposes a novel lightweight robotic gripper with a high-payload capacity using shape-memory-alloy (SMA) actuators and a self-locking mechanism. The multi-joint fingers of the ...
Bleeping Computer

Hackers exploit critical React Native Metro bug to breach dev systems

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. On Windows, an ...
Carscoops

Toyota Debuts Electric Pickup For Europe, And It’s Just The Beginning

The Hilux has spent decades surviving anything the world throws at it, from mud and floods to plummeting from a Top Gear crane – though not being dropped from a helicopter. Now Toyota is testing its ...
SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The targeted security defect, tracked as CVE-2025-55182, impacts systems relying on ...
Ars Technica

Admins and defenders gird themselves against maximum-severity server vuln

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...
Dark Reading

ShadowRay 2.0 Turns AI Clusters into Crypto Botnets

A threat actor is actively exploiting a known, but disputed, remote code execution (RCE) vulnerability in the open source Ray framework to hijack AI compute infrastructure and using it to attack other ...
SpaceNews

Semiconductor startup to fly payloads on Falcon 9 boosters

A SpaceX Falcon 9 booster lands after launching the Sentinel-6 mission for NASA and the European Space Agency Nov. 21, 2020. Credit: SpaceX WASHINGTON — A startup plans to test technology to produce ...
The Hacker News

Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack

The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on ...