The Hacker News

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

A malicious Chrome extension posing as a trading tool steals MEXC API keys, enables withdrawals, and sends credentials to ...
CSO Online

Sophisticated VoidLink malware framework targets Linux cloud servers

Check Point researchers have discovered a modular malware framework likely designed by Chinese developers to harvest ...
InfoQ

Bun Introduces Built-in Database Clients and Zero-Config Frontend Development

Bun 1.3 revolutionizes full-stack JavaScript development with unified database APIs and zero-config frontend setup. Experience enhanced performance with built-in Redis support and optimized bundling.
InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
The Hacker News

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

RondoDox botnet exploits the React2Shell vulnerability in Next.js, with over 90,000 exposed systems used to deploy miners and ...
CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not ...