The Hacker News

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Adobe Reader zero-day exploited since Dec 2025 via malicious PDFs, enabling data theft and potential RCE, prompting urgent ...
SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...
Security Boulevard

Google Says North Korea Was Behind the Axios npm Supply Chain Attack

A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat actor, turning what already looked like a serious open-source incident ...
Startup Fortune

North Korean Hackers Weaponize Axios Software to Target US Crypto Firms

North Korean hackers compromised the widely used Axios JavaScript library to infiltrate US companies and steal cryptocurrency ...

Source Code for Anthropic’s Claude Code Leaks at the Exact Wrong Time

After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and ...
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
IEEE

Feistel-PUF: Sequential Obfuscation-Based Machine Learning Attack-Resistant Physical ...

Abstract: Device authentication protocols based on a strong physical unclonable function (PUF) show promise for enhancing Internet of Things (IoT) security. However, a strong PUF is vulnerable ...
GitHub

Statsly-org/St3ix-Obfuscator

A Java bytecode obfuscator that transforms JAR files to make decompilation harder. Class names (including homoglyphs and invisible chars), numeric constants, booleans, strings, and array dimensions ...

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware ...

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...