CSO Online

Webrat turns GitHub PoCs into a malware trap

The known RAT aimed at gamers is now targeting security professionals searching GitHub for PoCs and exploit codes.

Dangerous WebRAT malware now being spread by GitHub repositories

Cybersecurity researchers Kaspersky said they found 15 malicious repositories hosted on GitHub. These repositories, ...
SecurityWeek

From Open Source to OpenAI: The Evolution of Third-Party Risk

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how ...
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...

Google links more Chinese hacking groups to React2Shell attacks

Over the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the ...
ZDNet

Use AI browsers? Be careful. This exploit turns trusted sites into weapons - here's how

Researchers disclosed a HashJack attack that manipulates AI browsers. Cato CTRL examined Comet, Copilot for Edge, and Gemini for Chrome. Could lead to data theft, phishing, and malware downloads.
financefeeds

Shai Hulud Malware Hits 400+ JavaScript Packages in Major NPM Supply-Chain Attack

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...
Bleeping Computer

New ‘IndonesianFoods’ spammer floods npm with 150,000 packages

Article and title updated to remove the term "worm". See update below. An auto-spamming payload published on npm spams the registry by spawning new packages every seven seconds, creating large volumes ...
Game Rant

PSA: Use This Arc Raiders Queen Exploit Before It Gets Patched

Josh Cotts is a Senior Contributor at Game Rant. He graduated Summa Cum Laude from Arizona State University in 2019 with a B.A. in Mass Communications & Media Studies and has been commended since ...
GameSpot

Battlefield 6 And Redsec 1.1.1.5 Update Patches Out An Infamous Exploit

GameSpot may get a commission from retail offers. Battlefield 6 and the battle royale game Redsec are getting a new update on November 11, featuring a number of quality-of-life updates and bug fixes.
Game Rant

Battlefield 6's Most Annoying Exploit is Finally Being Fixed

Daniel is a News Writer from the United Kingdom. Relatively new to the industry with almost three years of experience, he has focused on establishing himself in the gaming space. While he focuses on ...
InfoWorld

Malicious npm packages contain Vidar infostealer

Malicious code continues to be uploaded to open source repositories, making it a challenge for responsible developers to trust what’s there, and for CISOs to trust applications that include open ...