The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...

iPhone exploit DarkSword has been released in the wild: How to protect yourself

Uh-oh. Now anyone can easily use it.

Ajax football club hack exposed fan data, enabled ticket hijack

Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT ...

Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers

Multi-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, ...

Someone has publicly leaked an exploit kit that can hack millions of iPhones

Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions ...
Everyday Health

Should You Switch to the Wegovy Pill?

The arrival of the Wegovy pill (semaglutide), the first oral GLP-1 drug approved to treat obesity, means freedom of choice: Adults who are looking to lose weight and have at least one weight-related ...
TidBITS

DarkSword Exploit Threatens iPhones Still Running iOS 18

Security researchers have discovered DarkSword, a sophisticated exploit chain targeting iOS 18.4 through 18.7.2. Unlike past spyware aimed at high-profile targets, DarkSword is being surreptitiously ...

Experts warn Claude Chrome extension could let hackers hijack your online browsing

Prompt injection attacks can now be carried out in browser extensions, experts warn.