The Hacker News

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Researchers expose new WordPress malware and ClickFix phishing kits exploiting cache smuggling for stealth attacks.
The Hacker News

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

CrowdStrike links Oracle EBS CVE-2025-61882 (CVSS 9.8) to Cl0p with moderate confidence; CISA adds to KEV, patch by Oct 27, 2025.
GitHub

SEP-1612: Fully Compliant and Backward-Compatible Pure HTTP Transport

This SEP proposes a Pure HTTP transport layer for the Model Context Protocol (MCP). This transport layer is designed to be fully compliant and backward-compatible with the 2025-06-18 MCP protocol ...
Bleeping Computer

Critical Docker Desktop flaw lets attackers hijack Windows hosts

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. The ...
GitHub

HTTP/2 request splitting via CRLF injection

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack Vector: This metric reflects the context by which vulnerability ...