The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Despite more than a month after ...
thecyberexpress

Russian APT28 Exploit Zero-Day Hours After Microsoft Discloses Office Vulnerability

Ukraine’s cyber defenders warn Russian hackers weaponized a Microsoft zero-day within 24 hours of public disclosure, targeting government agencies with malicious documents delivering Covenant ...
ZDNet

7 open-source apps I'd happily pay for - because they're that good

There are tons of brilliant open-source apps. You'll find open-source titles for Linux, MacOS, and Windows. Some of these apps are so good, they should have a price tag. Since I started my journey ...
Infosecurity-magazine.com

Researchers Uncover 454,000+ Malicious Open Source Packages

Security researchers have warned that the open source ecosystem has become a “structural risk,” after revealing another surge in malicious packages last year. Sonatype said in its 2026 State of the ...
Business Insider

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in ...

CAMBRIDGE, Mass., Jan. 27, 2026 (GLOBE NEWSWIRE) -- ReversingLabs (RL), the trusted name in file and software security, today released its fourth annual Software Supply Chain Security Report. The 2026 ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses ...

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ‘the JavaScript ecosystem deserves better.’ Javascript developers should ...
Bleeping Computer

Exploit code public for critical FortiSIEM command injection flaw

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a ...
AZ Central

Would you pay $50,000 for this hotel's swanky Phoenix Open experience?

A Michelin Key hotel in Phoenix is offering a VIP package for golf fans attending the WM Phoenix Open in Scottsdale, with many luxe perks included. It costs $50,000 for two people. That's just under ...
Searchenginejournal.com

WooCommerce WordPress Plugin Exploit Enables Fraudulent Charges

The WooCommerce Square plugin enables WordPress sites to accept payments through the Square POS, as well as synchronize product inventory data between Square and WooCommerce. Square plugin enables a ...
Game Rant

ARC Raiders Players Have Found a New Exploit That Gives PC Player an Unfair Advantage

Pam's Colecovision was her babysitter, from the age of 4 or 5, but the family only had one game. Over and over, hour after hour, she'd climb and jump through the three levels of Donkey Kong. But the ...
dlnews

Truebit hit by $26m exploit as attackers increasingly target older DeFi protocols

Truebit suffers a $26 million exploit. It comes as attacks targeting older DeFi protocols increase. Truebit, an Ethereum-based verification protocol, has been left reeling after a hacker stole $26 ...
SecurityWeek

Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure

Fresh attacks targeted three VMware ESXi vulnerabilities that were disclosed in March 2025 as zero-days. A Chinese threat actor built an exploit for three VMware ESXi vulnerabilities that were patched ...