The Hacker News

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Adobe Reader zero-day exploited since Dec 2025 via malicious PDFs, enabling data theft and potential RCE, prompting urgent ...
The Next Web

LinkedIn is secretly scanning your browser for 6,000 extensions, and you weren’t told

LinkedIn runs a hidden JavaScript script called Spectroscopy that silently probes over 6,000 Chrome extensions and collects ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

I read poetry for work. You get to read it for pleasure.

As the editor of a magazine that includes a poetry column, I routinely read poems because I have to. But I also delve into ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Today

Read With Jenna's March 2026 Pick Is an 'Emotional Mystery' in a Beautiful Setting

Jenna Bush Hager says her March Read With Jenna pick is a book as “beautiful as where it is set.” “Wait for Me” by Amy Jo Burns unfolds partly in Appalachia, where the author grew up. Burns is from ...
Bleeping Computer

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...