The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure ...

Google report: AI is accelerating cloud cyberattacks, and one weak link stands out

Google's latest threat report warns that third-party tools are now prime targets for attackers - and businesses have only days to prepare defenses.
InfoWorld

First look: Electrobun for TypeScript-powered desktop apps

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in update mechanisms.
TechJuice

Hackers Exploit npm Supply Chain to Gain AWS Admin Access

Hackers exploited a compromised npm package to breach cloud systems and gain full AWS administrator access within 72 hours.
Bleeping Computer

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...
Security Boulevard

What Is an Exposure Assessment Platform — And Why Your Website Is the Blind Spot

In November 2025, Gartner formalized a new security category — Exposure Assessment Platforms — evaluating 20 vendors on their ability to continuously identify and prioritize The post What Is an ...
Opinion
Foreign AffairsOpinion

America’s Endangered AI

It was, Anthropic declared, “the first documented case of a large-scale cyberattack executed without substantial human intervention.” This assault on U.S. infrastructure was innovative in its use of ...
Cybernews

Who owns your Chrome extension? Researchers warn side projects are being turned into malware

Many Chrome extensions start as small developer projects, and once they gain users, are sold on. But what if the new owner turns out to be a bad actor who gains the ability to update software running ...
CPO Magazine

LexisNexis L&P Confirms Data Breach After Hacker Leaks Stolen Information

A data breach has hit the American data analytics company LexisNexis Legal & Professional after hackers breached its legacy servers. LexisNexis provides legal, business, and academic analytics tools ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation.
Opinion

Who is Iran’s new leader, and how will he affect your grocery prices?

A sense of the new Supreme Leader Mojtaba Khamenei’s personality would be helpful for example. But unlike his father, Ayatollah Ali Khamenei, he has never held government office nor given speeches or ...
InfoWorld

19 large language models redefining AI safety—and danger

Whether you are looking for an LLM with more safety guardrails or one completely without them, someone has probably built it.