The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

Microsoft patches Exchange Server zero-day exploited in attacks

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary ...
GovInfoSecurity

Mastra AI Framework Poisoned in npm Supply-Chain Attack

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

WordPress Plugins: Supply Chain Attack Puts 1.2 Million Sites at Risk

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.
MSN on MSN

This JavaScript risk could cost developers dearly

Recently, npm, the essential package manager used by developers worldwide, suffered a massive supply chain attack. This ...
Telegraph Herald

Russian attack sets fire to centuries-old religious site in Kyiv and kills 5 in Kharkiv

A large-scale Russian attack on Ukraine killed five rescuers in Kharkiv and wounded at least 13 people in the capital Kyiv on Monday as strikes set apartment ...

'Unduly lenient' sentence for Henry Nowak's murderer referred to Court of Appeal

The sentence of Vickrum Digwa for the murder of Henry Nowak has been referred to the Court of Appeal for being "unduly ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
Telegraph Herald

FBI disrupts a planned attack on the White House UFC cage-fighting show, court papers say

Law enforcement officials disrupted a planned attack targeting the UFC cage-fighting show staged at the White House this past weekend, according to court papers unsealed Tuesday that say ...