The Hacker News

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Adobe Reader zero-day exploited since Dec 2025 via malicious PDFs, enabling data theft and potential RCE, prompting urgent ...
InfoWorld

Visual Studio Code 1.115 introduces VS Code Agents app

Preview of new companion app allows developers to run multiple agent sessions in parallel across multiple repos and iterate ...
Bleeping Computer

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
Cybernews

Critical Adobe Reader zero-day lets PDFs steal files, may have been active for months

A newly discovered Adobe Reader zero-day vulnerability allows malicious PDF files to steal local data and potentially lead to ...
Techlomedia

Google Fixes Critical Chrome Bugs That Could Allow Remote Code Execution

Google has rolled out a new update for its Chrome browser, fixing several serious security issues. The latest version, Chrome ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
The Hacker News

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-linked actors target U.S. PLCs using Dropbear and SSH access, disrupting OT systems across sectors and escalating cyber ...

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

From the back fields of Jupiter to front and center on Cardinals.TV, Dani Wexelman has ...

In a recent social media post, baseball broadcaster and reporter Dani Wexelman shared a photo of her interviewing Matthew ...

Claude Code Source Code Leak: Did Anthropic reveal its secret AI models? What it means for developers and users

Claude Code Source Code Leak Anthropic: Analysts believe the leak could impact the company’s reputation, especially as it is ...