The Hacker News

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject ...

How ChatGPT's new Lockdown mode protects you from data theft (and what else it does)

How ChatGPT's new Lockdown mode protects you from data theft (and what else it does) ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
The Caledonian-Record

Ascensia Diabetes Care Expands CONTOUR® Portfolio with CONTOUR®COMFORT Pen Needles to Bring Greater Stability and Control to the Everyday Injection Experie…

Ascensia Diabetes Care, a global diabetes care company and subsidiary of PHC Holdings Corporation (TSE 6523), today announced ...

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...

How to guarantee a speaker gig: Hack the system. Literally

A security researcher found a foolproof way to guarantee tech conferences accept his speaker submissions: hack their systems. CVE-2026-41241 is a stored cross-site scripting (XSS) vulnerability in ...
New Scientist

Pancreatic cancer halted by virus injection in three patients

A cancer-killing virus has stopped pancreatic tumours from growing and spreading in three people in an initial safety trial, ...
HealthlineOpinion

Peptide Injections Touted as ‘Fountain of Youth.’ Spoiler Alert: They’re Not

Wellness peptides have become wildly popular despite lacking credible evidence for their safety and effectiveness. Here's why ...
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...
Android

The Notification Trap: How a Text on WhatsApp Could Have Controlled Your Phone's AI

Security firm SafeBreach discovered a significant prompt injection flaw in Android’s Google Gemini that allowed malicious notifications from apps like WhatsApp or Slack to hijack the assistant. By ...