The Hacker News

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

According to Socket, the extensions (complete list here) are published under five distinct publisher identities – Yana ...

Hackers exploit critical flaw in Ninja Forms WordPress plugin

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files ...
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.
SecurityWeek

Fake Claude Website Distributes PlugX RAT

A website posing as a legitimate Anthropic Claude domain was caught serving a remote access trojan to its visitors, Malwarebytes reports. Relying on Claude’s popularity, a threat actor created a site ...