The Hacker News

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Security researchers found 3 npm packages that installed NodeCordRAT malware, stealing browser data, crypto wallet secrets & ...
InfoWorld

Open WebUI bug turns the ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...
SecurityWeek

Critical Vulnerability Patched in jsPDF

A jsPDF vulnerability tracked as CVE-2025-68428 could allow attackers to read arbitrary files, exposing configurations and ...

Critical jsPDF flaw lets hackers steal secrets via generated PDFs

The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that ...
Dark Reading

RondoDox Botnet Expands Scope With React2Shell Exploitation

Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining and other malicious activity to ...
Cryptopolitan on MSN

Malicious Bitcoin npm packages spread NodeCordRAT malware before takedown

Researchers at Zscaler ThreatLabz have found three malicious Bitcoin npm packages that are meant to implant malware named ...

Browser extension malware infected 8.8M users in DarkSpectre attack

Browser extensions turned malicious after years of legitimate operation in DarkSpectre campaign affecting millions. The ...

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI, an open-source, self-hosted web interface for interacting with local or remote AI language models, carried a high ...