The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

Microsoft patches Exchange Server zero-day exploited in attacks

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

'Unduly lenient' sentence for Henry Nowak's murderer referred to Court of Appeal

The sentence of Vickrum Digwa for the murder of Henry Nowak has been referred to the Court of Appeal for being "unduly ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Infosecurity Magazine

New “Agentjacking” Attacks Could Hijack AI Coding Agents

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
MSN on MSN

This JavaScript risk could cost developers dearly

Recently, npm, the essential package manager used by developers worldwide, suffered a massive supply chain attack. This ...
Telegraph Herald

Russian attack sets fire to centuries-old religious site in Kyiv and kills 5 in Kharkiv

A large-scale Russian attack on Ukraine killed five rescuers in Kharkiv and wounded at least 13 people in the capital Kyiv on Monday as strikes set apartment ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
The Caledonian-Record

Large-scale Russian attack sparks fire at historic monastery and other sites in Ukraine, in photos

A large-scale Russian attack on Ukraine on Monday killed rescue workers and sparked a fire Monday at one of the country’s most significant religious landmarks, a ...