The Hacker News

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

Researchers detail new AI and phishing kits that steal credentials, bypass MFA, and scale attacks across major services.
The Hacker News

Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work

Enterprises rely on browser-based GenAI, increasing data-exposure risks and demanding strict policies, isolation, and ...
The Hacker News

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

CISA reports active exploitation of GeoServer XXE flaw CVE-2025-58360 and directs immediate updates to secure affected ...
The Hacker News

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

CISA warns that attackers are actively exploiting the React2Shell CVE-2025-55182 flaw, urging fast patching across vulnerable ...
The Hacker News

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

PyStoreRAT spreads via fake GitHub tools using small Python or JavaScript loaders to fetch HTA files and install a modular RAT.
The Hacker News

New React RSC Vulnerabilities Enable DoS and Source Code Exposure

The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure.