GitHub releases npm 12 with install scripts off by default and begins phasing out 2FA bypass tokens for sensitive npm actions ...
Microsoft details GigaWiper, a Windows backdoor that bundles disk wiping, fake ransomware, and remote control into one ...
ThreatsDay Bulletin covers fraud arrests, supply-chain attacks, phishing, cloud hijacking, ransomware, Windows flaws, and ...
Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges | Read more hacking news on The Hacker News ...
AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command ...
Meta Muse Image lets users tag public Instagram accounts to generate AI images, with public posts and reels reusable by ...
Wiz says GhostApproval abuses symlinks so AI coding agents write to SSH keys or shell startup files while showing benign ...
GitHub ghost accounts and exposed PATs scrape corporate orgs through the API, with select cases cloning private repos.
Infoblox says Lurking Lizard has used fake installers, mobile apps, and lookalike domains to recruit devices into a proxy ...
Passkeys reduce stolen-password value, shifting ATO toward recovery, re-verification, magic links, and AI-driven identity ...
EvilTokens uses AES-GCM encrypted HTML and Microsoft Device Code Phishing to hide Microsoft 365 account takeover pages until ...
Ubiquiti fixes seven critical UniFi flaws across Connect, Talk, Access, Protect, and OS, with no evidence of exploitation in ...