The Hacker News

⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More

Fortinet CVE exploited, China-linked AI attacks exposed, PhaaS platform dismantled, and fake crypto apps deploy RATs. Catch ...
InfoWorld

Worm flooding npm registry with token stealers still isn’t under control

Goal is to steal Tea tokens by inflating package downloads, possibly for profit when the system can be monetized.
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...
InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
CSO Online

November Patch Tuesday: Zero day Windows kernel flaw in servers, controllers, and PCs

Also of importance are a Kerberos vulnerability in Active Directory, a Visual Studio Copilot extension, and a Microsoft ...