The Hacker News

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Security researchers found two Chrome extensions with 900,000 installs secretly collecting ChatGPT and DeepSeek chats and ...
The Hacker News

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

CERT/CC warns an unpatched TOTOLINK EX200 firmware flaw lets authenticated attackers enable unauthenticated root telnet and ...
The Hacker News

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

Critical n8n flaw CVE-2025-68668 allows authenticated users to run system commands via workflows; affects versions 1.0.0 to ...
The Hacker News

Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat

A new PHALT#BLYX campaign targets European hotels using fake Booking.com emails, ClickFix lures, PowerShell, and MSBuild to ...
The Hacker News

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...
The Hacker News

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

AI-based VS Code forks recommended unclaimed extensions, allowing malicious uploads in Open VSX and risking developer systems ...
The Hacker News

The State of Cybersecurity in 2025: Key Segments, Insights, and Innovations

Cybersecurity shifts toward hardware trust, AI-driven defense, network visibility, and human risk as attackers move faster ...
The Hacker News

Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act

Ilya Lichtenstein, convicted in the 2016 Bitfinex bitcoin hack, was released early to home confinement under the First Step ...
The Hacker News

New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code

VVS Stealer is a Python-based malware sold on Telegram that steals Discord tokens, browser data, and credentials using heavy ...
The Hacker News

⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

First 2026 cyber recap covering IoT exploits, wallet breaches, malicious extensions, phishing, malware, and early AI abuse.
The Hacker News

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

Russia-aligned UAC-0184 abuses Viber messages to deliver Hijack Loader and Remcos RAT in espionage attacks on Ukrainian ...
The Hacker News

Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks

Kimwolf is an Android botnet that infected 2M+ devices via exposed ADB, using proxy networks to run DDoS attacks and sell ...