The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.
The Next Web

Attackers hijacked over 1,500 Arch Linux packages to steal developers’ secrets, no hacking required

Attackers hijacked over 1,500 packages in Arch Linux's AUR to plant a credential stealer. The official repos are safe, but the trust model took the hit.

Chainguard's new Athena coalition uses AI to fix open-source flaws - before attackers exploit them

Chainguard will use AI to protect open-source code. Athena pools open-source users, developers, and maintainers. Others are ...
GitHub

High CVE-2024-4761 Exploit

Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. The vulnerability is an out-of-bounds ...