The Hacker News

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

A large-scale campaign impersonates open-source and freeware project portals to redirect users through a gated TDS and ...
SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads. The US cybersecurity agency CISA on Wednesday urged federal agencies to ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Android

Infostealer Malware Sneaks into Popular Codex UI Tool After One Month of Building Trust

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...

Education system under threat? Questions raised over CBSE marking system after glitch found

Cybersecurity researcher Nisarga Adhikary, 19, claimed a CBSE test portal had a master password that bypassed OTPs, letting users alter student marks. CBSE denied any main system breach, stating the ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...

Did 19-year-old Nisarga Adhikary hack CBSE OSM portal? Claims, counterclaims explained

Nisarga Adhikary claimed he had hacked the CBSE website and identified serious lapses in the agency's On Screen Marking (OSM) ...
The Hacker News

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.
IEEE

Simultaneous Authentication of Multiple Users Using a Single mmWave Radar

Abstract: User authentication is crucial for maintaining privacy. However, most existing methods are designed for single-user scenarios and may not be efficient for multiple users. To address this ...