The Most Potent Weapon in Russia’s Disinformation War

Storm-1516 campaign uses fabricated videos, phony websites and anonymous influencers to spread tales about election fraud, corruption and sexual abuse.

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

What time is the 2026 Kentucky Derby draw? Here’s when post positions will be revealed

Excitement grows as the 2026 Kentucky Derby approaches. Here is how to watch the post position draw on April 25.

Crime crew impersonates help desk, abuses Microsoft Teams to steal your data

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and ...

There’s no rogue McDonald’s AI bot, but ‘prompt injection’ is still a risk for companies

People hacking branded AI bots can result in significant reputational, financial, and legal consequences. There appears to be ...

Why are top university websites serving porn? It comes down to shoddy housekeeping.

Finding hijacked subdomains is straightforward. People need only enter site: [university].edu “xxx” or site: [university].edu ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
InfoWorld

SpaceX secures option to acquire AI coding startup Cursor for $60B

The rocket company says the deal would pair Cursor’s coding models with SpaceX’s Colossus supercomputer, raising questions ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...
Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...

This Footage of a Puking Snake Is a Gross Reminder of Why Python Control Is So Important

A recent video that a python removal contractor shared to Instagram shows a Burmese python regurgitating a native bird whole.
eWeek

10 Practical Grok AI Prompts to Boost Workplace Productivity in 2026

Use these 10 Grok prompts to speed up research, writing, planning, and document review, with practical workplace templates ...