The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to China-based servers.
The Hacker News

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in ...
Cult of Mac

Apple’s iOS Javascript Browser Tweak Hacked To Allow Any App To Run Malicious Code

When it comes to Mac hacking, there are few security experts more dangerous than Charlie Miller, who can hack a Mac in mere seconds. Luckily, Miller only uses his hacking powers for the forces of good ...
techtimes

384,000 Websites are Directing Users to Malicious Domains Due to Compromised Code

Legitimate websites have reportedly been compromised after a once useful polyfill[.]com-hosted Javascript code has been altered by its new owners, leading websites to unintentionally link users to ...
Wired

The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare

In the near future one hacker may be able to unleash 20 zero-day attacks on different systems across the world all at once. Polymorphic malware could rampage across a codebase, using a bespoke ...
Bleeping Computer

Hackers inject malicious JS in Cisco store to steal credit cards, credentials

Cisco’s site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at ...
Wired

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by ...