News

The Hacker News7h
Why React Didn't Kill XSS: The New JavaScript Injection Playbook
JavaScript injection attacks surged in 2024, hitting major brands via Polyfill.io. Learn why frameworks failed.
The Hacker News7h
Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia's Mobile Networks
A massive mobile malware campaign targets Android and iOS users in Asia, stealing personal data through fake apps.
The Hacker News2h
Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44
The shortcoming unearthed by Wiz in Base44 concerns a misconfiguration that left two authentication-related endpoints exposed without any restrictions, thereby permitting anyone to register for ...
The Hacker News13h
CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability ...
The Hacker News4h
Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims
Chaos ransomware rises after BlackSuit takedown, hitting U.S. targets with $300K demands and stealthy evasion tactics.
The Hacker News3h
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
Phishing emails mimicking PyPI target developers to steal credentials via fake sites. Users urged to stay alert.
The Hacker News6h
How the Browser Became the Main Cyber Battleground
Browser-based identity attacks surge in 2025, targeting SaaS apps and weak credentials across enterprise accounts.