The Hacker News

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

This week’s recap covers exploited flaws, supply chain attacks, phishing kits, AI lures, macOS stealers, urgent CVEs, tools, ...
Decrypt

AI Agent Rekts Dev on Bogus Scan, Leaves Them Begging for Crypto Donations

A hobbyist network handed an autonomous agent a masterclass in why you don't give an AI agent a credit card and a deadline.
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
latesthackingnews.com

Reverse Shell Explained: Setup, Attack Chain, and Detection

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...
CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

ESET found two Windows SprySOCKS variants with 30+ commands, C2 over TCP, UDP, and WebSocket, and government targets in 4 ...
The Escapist

Pokémon GO scan controversy resurfaces after Niantic Spatial defense partnership

Earlier this year, concerns were raised after it emerged that billions of images and scans contributed by Pokémon GO players had helped train a growing geospatial AI platform. Table of Contents A ...
SlashGear

The 4 Best QR Scanner Apps For Android

The Quick Response code, more popularly referred to as a QR code, has really taken off in recent years, and it's easy to see why. Though COVID-19 helped mainstream it, these codes make sharing ...

ESET Research: China-aligned FishMonger updates its arsenal, targets governments in Asia and Latin America

ESET Research discovered two previously undocumented Windows variants of FishMonger’s SprySOCKS backdoor.ESET telemetry shows activity between ...