The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
GitHub

sealance-io/setup-leo-action

This action deliberately does not support pre-built binaries because ProvableHQ's releases lack cryptographic verification. See docs/THREAT_MODEL.md for the detailed threat model.
Windows Latest

Microsoft reveals what happens to Windows 11 PCs if you ignore the Secure Boot deadline in June 2026

The clock is ticking on one of the most fundamental security architectures inside your PC. In June 2026, the original Secure Boot certificates that have governed Windows hardware since 2011 will ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
IEEE

Blockchain-Powered e-Wallet: Enhancing Security and Fraud Detection in Online Payments

Abstract: Cashless payment has been emphasized in many countries, especially since the outbreak of the COVID-19 pandemic. Various payment methods have emerged, among which electronic wallets ...
Bleeping Computer

Google accidentally exposed details of unfixed Chromium flaw

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device.