The Hacker News

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and ...

Automation tool n8n: Updates patch code injection flaws

In the automation tool n8n, eleven security vulnerabilities have been discovered. Three of these are considered critical ...
CSO Online

VMware fixes command injection flaw in Aria Operations

Two other flaws were patched by the virtualization vendor, impacting Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure as well.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

A bug in Google Chrome's Gemini AI feature could expose your data or allow attackers to monitor you. Here's how to stay protected.
CSO Online

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...

When Do You Need to Call a Tree Doctor?

You probably aren’t watering or pruning the 75-foot oak or maple in the front yard, but mature trees aren’t maintenance free.
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.

BeyondTrust Remote Support exploitation ramps up with backdoors, remote tools

A critical vulnerability in BeyondTrust Remote Support is facing an increase in threat activity, with hackers deploying SparkRAT and vShell backdoors and using remote management tools to conduct ...