Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages ...

Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal ...

Introducing Smart Import(TM), RightCapital’s Revolutionary AI-Powered Tool to Reduce the Time to Manually Input Plan Data by 70%

Smart Import's new AI features enable advisors to create new and update existing financial plans faster than ever ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

All of the execution paths identified by its research team are designed to trigger during the Next.js devs' normal working ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Moonrise RAT Detected: Go-Based Threat Raises Risk of Data Loss and Operational Disruption

DUBAI, DUBAI, UNITED ARAB EMIRATES, February 24, 2026 /EINPresswire.com/ -- ANY.RUN researchers have identified ...
Hoodline

Memphis Man Charged After Uploading 700+ Child Porn Files

A Memphis man is facing serious charges after investigators say an online account tied to him uploaded more than 700 files of child sexual abuse material to Google. Court records identify the suspect ...

Lawyer suggests 'occult activity' as theories on Epstein files spread

A South Florida attorney says recent Epstein files point to occult activity on his private island. What do the documents say?
thecyberexpress

Acting CISA Chief Flagged for Uploading Sensitive Government Files Into ChatGPT

The acting head of the federal government’s top cyber defense agency triggered an internal cybersecurity warning last summer after uploading sensitive government documents into a public version of ...
The Hacker News

Why Secrets in JavaScript Bundles are Still Being Missed

Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional ...
IEEE

Beyond the Upload Button: A 10-Year Retrospective on Security Issues Within File Upload

Abstract: File upload is a convenient feature offered by a plethora of applications and communication services in various interesting application contexts, such as IoT devices, smart home systems, and ...
CSOonline

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...