The Hacker News

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M ...
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Scientists discover how life began before Earth’s first universal ancestor

Living organisms share an ancestor called the last universal common ancestor, or LUCA. LUCA is estimated to have lived ...

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

Google fears massive attempt to clone Gemini AI through model extraction

The company identified over 100,000 prompts it suspects were intended to extract proprietary reasoning capabilities.
The Hacker News

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

SmartLoader campaign spreading StealC via a trojanized Oura MCP server using fake GitHub forks to steal credentials and ...
Infosecurity Magazine

OysterLoader Evolves With New C2 Infrastructure and Obfuscation

A multi-stage malware loader known as OysterLoader has continued to evolve into early 2026, refining its command-and-control (C2) infrastructure and obfuscation methods.

OpenAI Warns Congress on DeepSeek Distillation Tactics

Memo to House China committee cites obfuscated methods, chip scrutiny, and 2.8 million H800 GPU hours for R1 training.

Leaky Chrome extensions with 37M installs caught divulging your browsing history

Hundreds of popular add‑ons used encrypted, URL‑sized payloads to send search queries, referrers, and timestamps to outside servers, in some cases tied to data brokers and unknown operators.

OpenAI says China's DeepSeek trained its AI by distilling US models, memo shows

OpenAI has warned U.S. lawmakers that Chinese artificial intelligence startup DeepSeek is targeting ‌the ChatGPT maker and ...

OpenAI claims DeepSeek distilled US models to gain an edge

In the memo, sent Thursday to the House Select Committee on China, OpenAI said that DeepSeek had used so-called distillation techniques as part of “ongoing efforts to free-ride on the capabilities ...