The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Cryptopolitan

Attackers trojanized Arweave’s WeaveDB npm package to deploy malware

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

Cloudflare acquires VoidZero, maker of the Vite JavaScript toolchain

Cloudflare Inc. today said it has acquired VoidZero Inc., the open-source company behind Vite and the widely used JavaScript ...
Bleeping Computer

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

OneDrive is getting an AI feature that names your files so you don’t have to

Copilot Suggested Rename is coming to OneDrive on the web in June 2026, using AI to analyze your file's content and suggest ...

Tips to police about bombing of Arizona journalist revealed decades later

Records show investigators heard tips about Kemper Marley’s possible involvement in the months and years following the Don ...
The Register-Herald

Sharpshooter Milan Mimcilovic commits to Kentucky after pulling out of NBA draft

Former Iowa State sharpshooter Milan Momcilovic has committed to Kentucky, giving coach Mark Pope one of the best players in ...
QueertyOpinion

Thomas Massie’s revenge continues with three new names from the Epstein list

Back in February, Massie called out Victoria’s Secret founder Les Wexner, investor Leon Black, and Barclay Group billionaire ...