The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
SecurityWeek

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Vulnerabilities in PDF platforms from Foxit and Apryse could have been exploited for account takeover, data exfiltration, and other attacks.
Indianapolis Business Journal

Medical spas, compounded drugs in focus as Indiana lawmakers hear warnings — and pushback

A fast-growing corner of Indiana’s health care marketplace could soon face its first statewide regulatory framework.

When AI Systems Can Act, Prompt Injection Becomes A Security Risk

The moment an AI system can read internal systems, trigger workflows, move money, send emails, update records or approve actions, the risk profile changes.
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Reaction and analysis from Ireland's team announcement

Catch up on updates from Ireland's team announcement and Andy Farrell's press conference ahead of Saturday's Six Nations game ...
The Hacker News

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

Zero-day exploits, AI-driven Android malware, firmware backdoors, password manager trust gaps, rising DDoS define this week’s critical cyber threats.

Influencers are promoting peptides for better health. What does the science say?

The latest wellness craze involves injecting these molecules for athletic performance, longevity and more. Scientists say the ...