The Hacker News

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...
Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
CNET

The Netflix Secret Codes That Unlock Every Hidden Genre in the Library

Netflix's hidden genre codes bypass the algorithm entirely and drop you straight into whatever category you're actually in ...
Tech Xplore

PhishLumos maps phishing infrastructure and finds 190,000 URLs in six months

Researchers from Tokyo Metropolitan University have created a new paradigm for identifying online phishing campaigns. Their ...
PCMag

Sorry, No Pornhub Access in 24 States and 3 Countries. How to Watch Anyway

Aylo sites like Pornhub are blocked across the US, most recently in West Virginia, and overseas, in protest of ...