The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...
Cybernews

Ubiquiti rushes out emergency fix for critical bug in UniFi Network Application

Ubiquiti has released emergency updates for its UniFi Network Application – a critical vulnerability allows hackers to ...
wwmt

'Be prepared': Expert warns of more Iranian-linked cyberattacks after Stryker hack

After months of censures and an investigation of Kalamazoo Township's treasurer, the board is now looking for a new person to fill that role. Third 'No Kings' protest planned, protesters express ...
Wired

How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks

Amid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran's use of “hacktivism” as cover for chaotic, retaliatory state-sponsored cyberattacks. Even among American ...
The Hill

Iran-linked hackers take credit for cyberattack on US medical equipment company Stryker

The attack disrupted operations for thousands of employees who were unable to access company systems, The Wall Street Journal reported. Nexstar’s WOOD reported that Iranian-linked cyber group Handala ...
The Hacker News

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, ...