The Hacker News

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

North Korean hackers abuse Visual Studio Code task files in fake job projects to deploy backdoors, spyware, and crypto miners ...
GitHub

is-my-code-great

- name: is my code great? uses: alienengineer/is-my-code-great@v0 with: base-branch: main # Optional, set to the branch you want to compare against verbose: true ...

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could enable account takeover and RCE via malicious model URLs and Functions API ...
New York Post

Apple patches two zero-day flaws used in targeted attacks

The company described the activity as an “extremely sophisticated attack” aimed at specific individuals. Although Apple did not identify the attackers or victims, the limited scope strongly suggests ...
Bleeping Computer

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. Previously spread through pirated software ...
The Hacker News

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The ...
GitHub

Umbraco CMS has an arbitrary file upload vulnerability

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack Vector: This metric reflects the context by which vulnerability ...