The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

Atlanta Public Schools, Fulton officials hesitant to extend TADs

Representatives from Fulton County and Atlanta Public Schools are hesitant to set aside revenue for Mayor Andre Dickens' plan ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
The Hacker News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple ...

Malware on npm: HTTP client axios loads backdoor for Windows, macOS, and Linux

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

AI finds critical ImageMagick vulnerabilities in default configurations

An AI pentesting tool has discovered critical vulnerabilities in default ImageMagick configurations. Workarounds offer ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks': Google says North Korean hackers behind major attack on Axi…

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...

That new White House app looks all sorts of problematic under the hood

Last week, the current US administration decided to distract everyone a little bit from the illegal war it’s waging by ...
Biometric Update

Aura breach and AI companion app flaws sharpen privacy fears

A new security report on AI companion apps is drawing attention because it arrives as an identity protection company is dealing with a data exposure incident.

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...