The Hacker News

âš¡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

Phishing surge, LinkedIn tracking claims, spyware use, and rising stealers expose growing abuse of trusted systems.

Techie Tonic: Two CISOs warn Axios breach changes supply chain trust model

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...

AI being used to add fake details in immigration, asylum applications, federal officials say

The applications, which include references to fabricated court decisions, are creating a fresh challenge, Immigration and ...

They can build an app in hours. Then comes the hard part.

Vibe coding could be the nontechnical person's golden ticket to the side hustle life. Now all you need is an idea people will ...

At a heavy-metal high school, Indigenous youth seek community through darkness

In Montana’s Blackfeet Nation, a class offers a crash course on distorted guitars and dealing with crushing anxiety ...

LinkedIn secretly scans for 6,000+ Chrome extensions, collects data

A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Cloudflare's Open-Source CMS: EmDash challenges WordPress

EmDash is a new content management system based on TypeScript and Astro. Plug-ins are intended to run securely within a ...
MUO on MSN

Windows app development is broken and it's affecting every program you use

Thirty years of bad decisions finally caught up with your Task Manager ...

How AI has suddenly become much more useful to open-source developers

More open-source developers are finding that, when used properly, AI can actually help current and long-neglected programs.

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
Tech Xplore

Thousands of websites are accidentally broadcasting sensitive data, study finds

Researchers have discovered a major security leak hiding in plain sight on the internet that could expose the personal data ...