The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
The Hacker News

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Magento flaw allows unauthenticated file uploads up to 2.4.9-alpha2, enabling RCE or takeover, exposing stores to attack risk ...

Telnet: Critical vulnerability allows injecting malicious code from the network

A vulnerability in the telnetd of GNU Inetutils allows attackers from the network to inject malicious code – without prior ...
Security Boulevard

FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security ...

Aible Launches SafeClaw Long-Running Agents and Presents at Eight Partner Booths and Sessions at NVIDIA GTC 2026

Aible launches SafeClaw that enables long-running agents with built-in enterprise AI governance and guardrails.Aible ...
OSTechNix

Debian 13.4 Released with Essential Security and Kernel Updates

The Debian Project released Debian 13.4 trixie. Upgrade your trixie installation to Debian 13.4 to get critical security ...

Cloud attacks are getting faster and deadlier - here's your best defense plan

Cloud attacks are getting faster and deadlier - here's your best defense plan ...
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, ...
Forbes

Mozilla Issues Firefox System Takeover Security Update

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Update Firefox and Thunderbird now. Mozilla has confirmed a security issue affecting all ...
TechSpot

Unwanted AI upgrade to Windows Notepad created a serious security flaw

The big picture: Microsoft released its latest Patch Tuesday update this week with 59 hotfixes across Windows, Microsoft Office, Azure, and core system components. The update includes patches for six ...