Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

Google Says Disavow Links If You’re Conflicted And Need To Be Sure

Google's John Mueller affirmed that most sites don't need to use a disavow file but if you're conflicted about possible ...

QuickLens Chrome extension steals crypto, shows ClickFix attack

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...

Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.
Cybernews

AI-driven hacking uses booking.com and Microsoft Teams in vibe coding and “flat pack” malware campaigns

AI is helping cybercriminals to rapidly assemble malware with flat-pack efficiency. It’s almost like buying a sofa from Ikea, ...
MIT Technology Review

The Download: The startup that says it can stop lightning, and inside OpenAI’s Pentagon deal

This is today's edition of The Download, our weekday newsletter that provides a daily dose of what's going on in the world of technology.
Microsoft

Signed malware impersonating workplace apps deploys RMM backdoors

Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
GitHub

Barrel file removal tool for JavaScript & TypeScript projects (ESM-only).

Barrel files are convenient, but they often come with trade-offs including: Performance and memory: they artificially inflate the module graph and slow down startup times, HMR, and CI pipelines.
GitHub

sawyer-shi/dify-plugins-tencent_cos

A powerful Dify plugin providing seamless integration with Tencent Cloud Object Storage (COS). Enables direct file uploads to Tencent Cloud COS and efficient file retrieval using URLs, with rich ...