The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

Helium May Just Be the Browser You’ve Been Looking For

There’s a new browser in town, and it combines something familiar with something new. It’s called Helium, and you’re going to ...
eWeek

Gemini in Chrome Rolls Out Across APAC, Bringing Browser AI to Millions of Users

Google is rolling out Gemini in Chrome across seven APAC markets, adding in-browser AI tools for summaries, image edits, and ...
The Hacker News

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

ThreatsDay Bulletin: active exploits, supply chain attacks, AI abuse, and stealth data risks observed this week.
The Next Web

Mozilla patched 271 Firefox bugs found by Anthropic’s Mythos, and says the zero-day era has an expiration date

Firefox 150 ships 271 bug fixes found by Claude Mythos Preview. Mozilla says the defects are finite. The UK AI Security Institute says the model can also attack autonomously.
Security Boulevard

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...