Morning Overview on MSN

Hackers poisoned the PyTorch Lightning AI package and it started stealing credentials the moment you imported it

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...
The Hacker News

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

Fake OpenAI repository on Hugging Face pushes infostealer malware

A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project ...
CSO Online

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

A previously undocumented .NET trojan and its companion Pheno plugin allow attackers to capture mobile authentication codes ...
Infosecurity Magazine

CloudZ Malware Abuses Phone Link to Steal SMS OTPs

A Windows malware toolkit has been observed stealing SMS messages and one-time passwords (OTPs) from victim machines by ...