The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...
Opinion
Foreign AffairsOpinion

China’s AI Heist

A new front has opened in the U.S.-China competition in artificial intelligence: open-weight, local AI models. Until recently, the most capable AI models were too big and too costly to run anywhere ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...
CNBC

Trump's face doesn't belong on U.S. passport, senators tell Rubio

In a letter first shared with CNBC, a group led by Democratic senators called on Secretary of State Marco Rubio to halt a plan to put President Donald Trump's face on U.S. passports. Trump has made a ...
InfoWorld

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of ...
TechCrunch

Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom

Grafana Labs, the maker of its eponymous popular open source web visualization software, confirmed it had been hacked but that it refused to pay the hackers who had threatened to release the company’s ...
Engadget

YouTube's AI deepfake detection tool is now available to all creators 18 and older

In the coming weeks, YouTube is giving all creators 18 and over access to a tool that can detect whether their likeness has been copied and used in AI videos uploaded to the website. Team YouTube made ...
Times Union

Revolutionary War soldier’s face recreated at State Museum

Bioarchaeologists at the State Museum Lisa Anderson, Julie Weatherwax and their colleagues are used to looking at skeletons—boxes of teeth, fragments of femurs and tibias, a partial skull. But with ...
GitHub

Stealth Chromium that passes every bot detection test.

Not a patched config. Not a JS injection. A real Chromium binary with fingerprints modified at the C++ source level. Antibot systems score it as a normal browser — because it is a normal browser.
MacRumors

A Closer Look at watchOS 26.5's New Luminance Watch Face

With watchOS 26.5, Apple is introducing a Pride Luminance face, and it's one of the most versatile and customizable watch faces. There are pre-configured color options, but the face also supports ...
CSOonline

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, ...