The Hacker News

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Security researchers found 3 npm packages that installed NodeCordRAT malware, stealing browser data, crypto wallet secrets & ...
InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...
InfoWorld

Open WebUI bug turns the ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...

Claude Code 2.1.0 arrives with smoother workflows and smarter agents

Claude Code 2.1.0 arrives in the midst of a significant shift in developer behavior. Originally built as an internal tool at ...
InfoQ

TanStack Releases Framework Agnostic AI Toolkit

Introducing TanStack AI: a revolutionary, framework-agnostic toolkit empowering developers with unparalleled control over ...
The Hacker News

⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

First 2026 cyber recap covering IoT exploits, wallet breaches, malicious extensions, phishing, malware, and early AI abuse.

Max severity Ni8mare flaw lets hackers hijack n8n servers

A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally ...
Security Boulevard

What are Refresh Tokens? Complete Implementation Guide & Security Best Practices

Learn how refresh tokens work in enterprise SSO. This guide covers implementation, rotation, and security best practices for CIAM systems.