The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
CSO Online

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...

PolyShell attacks target 56% of all vulnerable Magento stores

Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are ...

CISA orders feds to patch DarkSword iOS flaws exploited attacks

CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage ...
Infosecurity Magazine

CISA Orders US Government to Patch Maximum Severity Cisco Flaw

The US Cybersecurity and Infrastructure Security Agency (CISA) has told all federal civilian agencies to patch a critical ...
CSO Online

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...
The Hacker News

TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

TA446 used leaked DarkSword on March 26 to target iOS devices, prompting Apple alerts and widening mobile espionage risks.

Straiker Secures Agents Building Agents

Straiker, the fastest-growing agentic security company, today launched Discover AI and expanded Defend AI to secure coding ...
Security Boulevard

An Evolving GlassWorm Malware is Making the Rounds of Code Repositories

GlassWorm is evolving. Security researchers say the malware, which infiltrates code repositories with malicious extensions, can now deploy a RAT, is targeting MCP servers, and has a new way of moving ...

CERT-In warns Apple iPhone, iPad, Mac and Watch users of security flaws: Affected devices and what you should do

CERT-In has flagged security flaws in Apple devices, urging users to update iPhone, iPad, Mac, and Watch software to prevent ...
Developer Tech

Isolating dynamic AI agent code execution with Cloudflare’s API

Securing dynamic AI agent code execution requires true workload isolation—a challenge Cloudflare’s new API was built to solve ...

The FBI Just Named 18 Popular Routers Targeted By A Massive Malware Operation

The FBI recently revealed that thousands of devices had been compromised by a cybercrime network, and several models were ...