The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.

A major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to know.

Here’s what we know, and what you need to know, about Coruna and DarkSword, two advanced iPhone hacking tools discovered by ...

Huge numbers of web stores are facing attack from this dangerous new malware

PolyShell vulnerability in Magento/Adobe Commerce mass exploited, hitting over half of vulnerable stores Attackers deploy ...

Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...

PolyShell attacks target 56% of all vulnerable Magento stores

Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are ...
CSO Online

GitHub phishers use fake OpenClaw tokens to drain crypto wallets

Attackers exploit OpenClaw hype with fake “CLAW” airdrops, luring developers from GitHub into wallet-draining phishing sites.
Tech Xplore on MSN

Thousands of websites are accidentally broadcasting sensitive data, study finds

Researchers have discovered a major security leak hiding in plain sight on the internet that could expose the personal data ...
Morning Overview on MSN

Study finds thousands of sites exposed API keys and other credentials

Researchers scanning 10 million webpages have found that nearly 10,000 pages contained live API credentials left in plain ...
WinBuzzer

90% of Claude Code Output Lands in Low-Star GitHub Repos

Anthropic's Claude Code has surpassed 20 million GitHub commits, but 90% of output has landed in repos with fewer than two ...