The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...

Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could ...

Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...

CBSE OSM Portal Had Critical Vulnerabilities, Ethical Hacker Tells NDTV

CBSE Class 12 Evaluation System Issues: Adhikari claimed that by combining these flaws, an attacker could potentially take over examiner accounts, view assigned answer scripts, modify marks, and ...

‘No security breach’: CBSE clarifies after Class 12 student claims ‘vulnerabilities’ in OSM portal

CBSE clarified that the portal used for evaluation answer sheets has a different URL than the one visible on the teenager's screenshots.
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

Did 19-year-old Nisarga Adhikary hack CBSE OSM portal? Claims, counterclaims explained

Nisarga Adhikary claimed he had hacked the CBSE website and identified serious lapses in the agency's On Screen Marking (OSM) system.

Three free office suites vs. Microsoft 365 – technology comparison

The real difference lies deeper – because where should a web office suite run in the first place? All answers are legitimate: ...
MUO on MSN

I blocked location permissions on every site but websites were still tracking me through 3 other signals I hadn't considered

My browser was still volunteering a rough answer anyway.
Morning Overview on MSN

Three separate supply-chain attacks hit npm, PyPI, and Docker Hub within 48 hours — all three targeted developer cloud credentials and SSH keys

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software registries on the internet within a span of roughly 48 hours. The targets were ...