The Hacker News

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

Google links Turla to STOCKSTAY, a new .NET backdoor used in phishing attacks against Ukraine government and military targets ...
makeuseof

I run three self-hosted apps on a $35 Raspberry Pi and they never skip a beat

Yadullah Abidi is a Computer Science graduate from the University of Delhi and holds a postgraduate degree in Journalism from the Asian College of Journalism, Chennai. With over a decade of experience ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
TheServerSide

Tomcat vs. Apache HTTP Server: What's the difference?

What's the difference between Tomcat and Apache? It's a question developers hear frequently. But, when worded that way, it contains some misleading assumptions. Normally, when people ask this question ...
theregister

Crime crew impersonates help desk, abuses Microsoft Teams to steal your data

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and helpdesk staff impersonation - is also using custom malware in its ...
CSOonline

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours ...
Forbes

Rust: The Unlikely Engine Of The Vibe Coding Era

In 2025, something unexpected happened. The programming language most notorious for its difficulty became the go-to choice for the laziest form of programming imaginable. For a decade, Rust was for ...
Dark Reading

OpenClaw's Gregarious Insecurities Make Safe Usage Difficult

OpenClaw, the open source agentic AI assistant available from GitHub, continues to attract a growing following. Like many tech-savvy workers, Dane Sherrets, a staff innovation architect at HackerOne, ...
The Hacker News

Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants ...
GitHub

websocketd – like inetd, but for WebSockets

websocketd is a small command-line tool that will wrap an existing command-line interface program, and allow it to be accessed via a WebSocket. WebSocket-capable applications can now be built very ...
GitHub

⚡ FASTAPI Websocket RPC

A fast and durable bidirectional JSON RPC channel over Websockets. The easiest way to create a live async channel between two nodes via Python (or other clients). Both server and clients can easily ...
TechRadar

Gmail servers hijacked by malicious PyPI packages to spread havoc - here's how to stay safe

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...