The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

A major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to know

Here’s what we know, and what you need to know, about Coruna and DarkSword, two advanced iPhone hacking tools discovered by ...
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
DataBreachToday

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

iPhone exploit DarkSword has been released in the wild: How to protect yourself

Uh-oh. Now anyone can easily use it.

Someone has publicly leaked an exploit kit that can hack millions of iPhones

Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions ...

Huge numbers of web stores are facing attack from this dangerous new malware

PolyShell vulnerability in Magento/Adobe Commerce mass exploited, hitting over half of vulnerable stores Attackers deploy ...
The Financial Express

Somebody publicly posted an iPhone hack kit that puts millions of you at risk

Once a victim is exposed to a malicious link, the exploit gains filesystem access and exfiltrates data to an ...

PolyShell attacks target 56% of all vulnerable Magento stores

Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are ...

This popular app builder has been hijacked to steal Microsoft account details - here's what we know

Bubble.io's good name is being tarnished by advanced and convincing phishing lures.

Tax-themed malvertising campaign targets users searching for W-2 and W-9 forms

Be careful doing your taxes this Tax Day - the top google result might not be what you want.

Your iPhone could be at risk if it’s not updated

A leaked exploit kit capable of hacking iPhones is now public, potentially putting millions of devices at risk—especially those running outdated software versions.