Dark Reading

Automated Credential Harvesting Campaign Exploits React2Shell Flaw

An emerging threat cluster is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to steal credentials ...
Decrypt

Google Researchers Reveal Every Way Hackers Can Trap, Hijack AI Agents

A Google DeepMind paper maps six attack categories against autonomous AI agents—from invisible HTML commands to multi-agent ...
CSO Online

Security lapse lets researchers view React2Shell hackers’ dashboard

The campaign is stealing credentials from unpatched servers at scale, due to “neglect and efficiency,” says analyst, and the ...

Teenagers and younger kids are learning coded predator phrases like ‘MAP’ online, long before their parents have even heard of it

When I checked my 10-year-old daughter’s TikTok messages in early February 2026, I expected to find the usual mix of dance ...
The Hacker News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...