Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

âš¡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

This week’s recap covers exploited flaws, supply chain attacks, phishing kits, AI lures, macOS stealers, urgent CVEs, tools, ...

I've reviewed every PDF editor out there - then I had ChatGPT build me a better one

The smartest way to use AI may not be letting it interact with your files, but asking it to write software that handles them ...
The Hacker News

âš¡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...
PC Magazine

Android 17 Beta 4.1 Is Now Live: Here's Every Feature You Can Test and Eligible Phones

Last month, Google offered a deeper dive into Android 17 during The Android Show, but it saved some of the best features for Google I/O. A stable version of the mobile OS is expected this summer, but ...
Android Police

Instagram finally embarrassed Android into fixing its biggest camera problem

I’ve been covering Android since 2023, when I joined Android Police, mostly focusing on AI and everything around Pixel and Galaxy phones. I’ve got a bachelor’s in IT with a major in AI, so I naturally ...
ZDNet

How I turned my old Android phone into a Wi-Fi extender - and fixed dead spots at home

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
New Scientist

Pancreatic cancer halted by virus injection in three patients

A virus has stopped pancreatic cancer in its tracks in three people in a clinical trial in the US. Further evaluation is needed in larger trials, but the early results are encouraging, especially ...
Ars Technica

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...