The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...

Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.

Dashlane explains how attackers managed to download encrypted password vaults

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to ...
SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

Hackers are exploiting a critical vulnerability in Mirasvit Full Page Cache Warmer to execute code remotely on Magento ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...
SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...

Unverified DeFi contracts linked to $36.7M in losses: Chainalysis

Chainalysis identified $36.7 million in losses from unverified DeFi contracts, warning that AI tools are making hidden smart ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
Game Rant

Roblox: Jujutsu Zero Codes (June 2026)

Tom Bowen is a senior editor who loves adventure games and RPGs. He's been playing video games for several decades now and writing about them professionally since 2020. Although he dabbles in news and ...