SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...
XDA Developers on MSN

Trying to self-host LLMs made me realize local AI has a friction problem, not a quality problem

Think of it as the Linux desktop problem, all over again ...
XDA Developers on MSNOpinion

OpenClaw promised a self-hosted AI assistant I could actually leave running, but Hermes Agent is the one that delivers it

Hermes Agent gets a lot right, and it's something I'd trust a lot more than OpenClaw.

Discord DAVE Encrypts Calls, but Not Text Chats

Discord’s DAVE protocol encrypts eligible voice and video calls, but DMs, server text channels, and Stage channels remain ...
Dark Reading

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments

The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
PCMag

Your Private Discord Voice and Video Chats Are Now End-to-End Encrypted

E2EE for voice and video started rolling out in March, but Discord has now tied up some loose ends and made it standard ...
cybernews

Supply chain hit once again: single NPM account pushes 600+ compromised packages, used by millions

Another massive supply chain attack is spreading. Hundreds of compromised NPM packages are being detected, with hackers using stolen secrets to create over 2,200 public GitHub repositories, all ...