The Hacker News

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
The Hacker News

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have ...
Security Boulevard

SonarQube Agentic Analysis: Verify AI code as it is generated

AI coding agents like Cursor and Claude Code have fundamentally changed how software is being developed. While these assistants generate code at high speeds, they often lack the specific context of ...
GitHub

The first intelligent AI agent running natively on a smartwatch.

Tap. Speak. Get an answer. No cloud STT, no phone dependency, no latency from middlemen. This makes ClawWatch unusually capable: it can stay in touch with both your other agents and your body in real ...
Dark Reading

Bug in Google's Gemini AI Panel Opens Door to Hijacking

Google has fixed a high-severity flaw in its implementation of Gemini AI in the Chrome browser that could have allowed attackers to escalate privileges, violate user privacy while browsing, and access ...
InfoWorld

Is AI killing open source?

Open source has never been about a sprawling community of contributors. Not in the way we’ve imagined it, anyway. Most of the software we all depend on is maintained by a tiny core of people, often ...
theregister

n8n security woes roll on as new critical flaws bypass December fix

Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-driven business processes. The ...
CSOonline

AI-powered bug hunting shakes up bounty industry — for better or worse

AI-powered bug hunting has changed the calculus of what makes for an effective bounty program by accelerating vulnerability discovery — and subjecting code maintainers to ballooning volumes of AI flaw ...
PCQuest

Cross site scripting decoded how hackers turn a browser bug into a full scale breach

Cross-Site Scripting (XSS) attacks are often misunderstood as harmless glitches that display alerts in the browser, while in actuality they are one of the most powerful and malicious vulnerabilities ...