The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could ...
Visual Studio Magazine

Using Local AI to Cut Copilot Usage-Based Billing Shock

After being gobsmacked by the new billing plan using almost all my monthly credits in one or two days, I tried pushing some Copilot-style coding work onto local models in VS Code. What I found was ...

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Hybrid work prompts Brinks to cut HQ size 80%

"We needed less space, but more value per square foot in the space," said Dinesh Kalwani, senior vice president and chief ...

Knife attack prompts fiery, violent anti-immigrant protests in Belfast

On Monday night, Belfast police battled hundreds of protesters who set fire to cars, buses, homes and businesses belonging to ...
Infosecurity Magazine

New “Agentjacking” Attacks Could Hijack AI Coding Agents

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...

FBI dismantles Chinese phishing service that coached buyers to generate scam sites using AI —$88 cybercrime...

The FBI, Google, and Lumen Technologies say they’ve dismantled a China-based phishing-as-a-service operation called Outsider Enterprise.

Republic National Distributing warns of 50+ layoffs at NC locations in Charlotte, Raleigh

Preview this article 1 min Republic National Distributing Co. plans to cease operations at facilities in Charlotte and ...