The Hacker News

Work Moved Into the Browser. Security Didn't. AI Is Exposing the Gap

User-initiated shell ran via HTTPS CAPTCHA at 2:14 p.m. Tuesday, exposing browser blind spot and breaking session attribution ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...