The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
InfoWorld

8 cutting-edge web development tools you don’t want to miss

Eight innovative tools that are reimagining web applications and how we build them. Welcome to the Great Unbloating.

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Tech Times

Fake Claude Code Installers on 32 Live Sites Steal Developer API Keys via Google Ads

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.

How to Cut AI API Costs by 80%: AI.cc Publishes Step-by-Step Token Optimization Guide for Engineering Teams

SINGAPORE, SINGAPORE, SINGAPORE, May 28, 2026 /EINPresswire.com/ -- Free guide draws on analysis of 2.4 billion API ...
Bleeping Computer

Credit card theft campaign abuses Stripe to host stolen payment info

A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag ...
The Caledonian-Record

Bitget Wallet Opens Tokenized Stock and RWA Trading to API Partners

Bitget Wallet, a self-custodial wallet and everyday finance app, has upgraded its DEX Aggregator API to support market-order trading of ...
Tech Times

Cloudflare Buys VoidZero: Vite’s 130M Weekly Users Get a New Vendor-Neutrality Pledge

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

18 Minnesota companies make Fortune 500 as state adds one to roster

Minnesota gained strength on this year's Fortune 500 list, with 18 companies based here included on the prestigious ranking — ...

Fingerprint Launches Automation Intelligence API and AI Assistant Detection, Delivering the Industry’s Most Complete View of AI Traffic

Fingerprint, a leader in device intelligence, today launched the preview release of AI Assistant Detection and the Automation ...