The Hacker News

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject ...
The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
GitHub

ATR-2026-00378-chatgpt-dom-javascript-redirect-manipulation.yaml

Detects ChatGPT DOM manipulation JavaScript from garak DanInTheWild corpus (#360). Injects JavaScript that redirects to the ChatGPT paid model URL (text-davinci-002-render-paid), removes legitimate UI ...

CBSE Cybersecurity Put To The Test: 19-Year-Old Ethical Hacker Flags 'OSM Portal Flaws', Board Rejects Claims

CBSE says that a URL mentioned in social media posts on the 'hacking' incident was only a testing platform containing sample ...
The New York Times

A Powerful H.I.V. Drug Lands in Zambia. But Will It Reach Those Who Need It?

Lenacapavir, which protects people from H.I.V. infection with twice-yearly shots, is arriving in a country where the health system has been hollowed out by American aid cuts. By Stephanie Nolen ...
Oneindia

Technical Internship Programme 2026

TIP (Technical Internship Programme) details including status check, eligibility, benefits, premium rates and how to apply online in India only on Oneindia ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
GitHub

Stealth Chromium that passes every bot detection test.

Not a patched config. Not a JS injection. A real Chromium binary with fingerprints modified at the C++ source level. Antibot systems score it as a normal browser — because it is a normal browser.
DATAQUEST

India's AI surge exposes software supply chain security gaps

India's software supply chain security challenge is deepening as AI expands the attack surface while many enterprises lack detection and protection tools.