Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Wibu-Systems to Showcase Scalable Software Protection and Licensing at Embedded World 2026

Wibu-Systems will exhibit at Embedded World 2026 to present a unified approach to securing embedded innovation across device ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.
The Caledonian-Record

Elastic Introduces Best-in-Class Embedding Models for High Performance Semantic Search

Elastic (NYSE: ESTC), the Search AI Company, today announced the availability of jina-embeddings-v5-text, a family of two small, Elasticsearch-native multilingual embedding models at 0.2B and 0.6B ...
SecurityWeek

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Vulnerabilities in PDF platforms from Foxit and Apryse could have been exploited for account takeover, data exfiltration, and other attacks.
The Hacker News

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Pakistan-aligned APT36 and SideCopy target Indian defense and government entities using phishing-delivered RAT malware across Windows and Linux system ...

The business case against credit card rate caps and routing mandates

At first glance, proposals like the Credit Card Competition Act and President Donald Trump’s idea to cap credit card interest ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...