The Hacker News

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

Phishing surge, LinkedIn tracking claims, spyware use, and rising stealers expose growing abuse of trusted systems.

Techie Tonic: Two CISOs warn Axios breach changes supply chain trust model

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...

AI being used to add fake details in immigration, asylum applications, federal officials say

The applications, which include references to fabricated court decisions, are creating a fresh challenge, Immigration and ...

At a heavy-metal high school, Indigenous youth seek community through darkness

In Montana’s Blackfeet Nation, a class offers a crash course on distorted guitars and dealing with crushing anxiety ...

LinkedIn secretly scans for 6,000+ Chrome extensions, collects data

A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Cloudflare's Open-Source CMS: EmDash challenges WordPress

EmDash is a new content management system based on TypeScript and Astro. Plug-ins are intended to run securely within a ...
MUO on MSN

Windows app development is broken and it's affecting every program you use

Thirty years of bad decisions finally caught up with your Task Manager ...
InfoWorld

PEP 816: How Python is getting serious about Wasm

Another big drawback: Any modules not written in pure Python can’t run in Wasm unless a Wasm-specific version of that module ...

How AI has suddenly become much more useful to open-source developers

More open-source developers are finding that, when used properly, AI can actually help current and long-neglected programs.

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
Tech Xplore

Thousands of websites are accidentally broadcasting sensitive data, study finds

Researchers have discovered a major security leak hiding in plain sight on the internet that could expose the personal data ...