The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...

Amazon cuts another 9,000 jobs. See our list of companies that have announced layoffs this ...

Amazon plans to eliminate 9,000 more jobs in the next few weeks, CEO Andy Jassy said in a memo to staff on Monday.
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of ...

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...

Three dead after Royal Navy helicopter crashes into a field in Devon

A Royal Navy helicopter has been destroyed in a fireball after crashing into a field in Devon. Witnesses described hearing a ...
Tech Times

SVG Phishing Emails Bypass Email Security: SANS Flags New MIME-Type Evasion

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

Open AI、「Codex」アプリによるWindowsデスクトップ操作を可能に ...

「Computer ...
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...

Web browsers can spy on information via SSD access times

IT researchers have demonstrated a side-channel attack called "FROST" where browsers can spy on user behavior via SSD access times.

Researchers found a way to spy on your browsing by watching your SSD's activity

The method, known as FROST – short for "fingerprinting remotely using OPFS-based SSD timing" – focuses on how different processes compete for storage access. That competition ...