The Hacker News

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...
Infosecurity Magazine

Five Key Flaws Exploited in 2025's Major Software Supply Chain Incidents

Infosecurity has selected five of the most significant vulnerability exploitation campaigns of 2025 that led to major ...
InfoWorld

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...

The Real-World Attacks Behind OWASP Agentic AI Top 10

OWASP's new Agentic AI Top 10 highlights real-world attacks already targeting autonomous AI systems, from goal hijacking to ...
DataBreachToday

Researchers Spot New Shai Hulud Variant

Hackers behind the Shai Hulud malicious npm JavaScript campaign are likely testing a new variant of the malware. Security ...
eWeek

LangChain AI Vulnerability Exposes Millions of Apps

A critical LangChain AI vulnerability exposes millions of apps to theft and code injection, prompting urgent patching and ...