The Hacker News

The State of Trusted Open Source

Analysis shows most security risk sits in longtail open source images, with 98% of CVEs outside top projects & Critical flaws ...

Critical jsPDF flaw lets hackers steal secrets via generated PDFs

The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that ...

CISA tags max severity HPE OneView flaw as actively exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as ...
CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not ...
The Hacker News

Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

Black Cat cybercrime group used SEO poisoning and fake software downloads to infect nearly 278,000 systems in China with data ...

900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats

OX Security reveals how malicious Chrome extensions exposed AI chats from ChatGPT and DeepSeek, silently siphoning sensitive ...

Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent

A newly disclosed macOS vulnerability bypasses Apple’s TCC privacy controls, allowing silent access to files, microphone data ...
CSO Online

Critical RCE flaw allows full takeover of n8n AI workflow platform

A compromised n8n instance doesn’t just mean losing one system — it means handing attackers the keys to everything,’ security ...