The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until Feb 19, 2026 fix.

A major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to know

Here’s what we know, and what you need to know, about Coruna and DarkSword, two advanced iPhone hacking tools discovered by ...
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.

Huge numbers of web stores are facing attack from this dangerous new malware

PolyShell vulnerability in Magento/Adobe Commerce mass exploited, hitting over half of vulnerable stores Attackers deploy ...
DataBreachToday

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

This popular app builder has been hijacked to steal Microsoft account details - here's what we know

Bubble.io's good name is being tarnished by advanced and convincing phishing lures.
Cyber Daily

Justice: Russian hackers arrested, jailed by Russian & US authorities

Hackers cop jail time and handcuffs in relation to separate incidents involving a popular hacking forum and operating a ...
CyberGuy

DarkSword leak puts millions of iPhone users at risk

Leaked DarkSword code makes iPhones on older iOS easy targets. See who is at risk and how to protect your device right now.
Indiatimes

iPhone hacked risk rises after Coruna and DarkSword leak online - Here's the details

A leaked hacking tool called Coruna and DarkSword is putting millions of iPhone users at risk of getting their iPhone hacked. Users with outdated software are the most vulnerable, so updating your ...