Why Secrets in JavaScript Bundles are Still Being Missed
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find…
Ravie Lakshmanan, Jan 20, 2026 (Web Security / Vulnerability): Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it…
Ravie Lakshmanan, Jan 20, 2026 (Cryptocurrency / Artificial Intelligence): A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down…
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and…
Ravie Lakshmanan, Jan 19, 2026 (Hardware Security / Vulnerability): A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details…
Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the…
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately…
Ravie Lakshmanan, Jan 19, 2026 (Malware / Threat Intelligence): Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of…
Ravie Lakshmanan, Jan 17, 2026 (Law Enforcement / Cybercrime): Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS)…
Jan 17, 2026, Ravie Lakshmanan (Artificial Intelligence / Data Privacy): OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in…
Jan 16, 2026, Ravie Lakshmanan (Malvertising / Threat Intelligence): The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that’s designed…
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like…