The Hacker News

Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution

Huntress reports active attacks abusing Gladinet’s fixed cryptographic keys to forge tickets and gain remote code execution ...

GFA announces ticket access process for Black Stars matches at 2026 World Cup

The Ghana Football Association has outlined the process through which supporters can seek access to tickets for Black Stars ...

What is GhostPairing? The WhatsApp scam that hijacks accounts without OTPs or SIM swaps

A new scam dubbed GhostPairing is targeting WhatsApp users by abusing the app’s device-linking feature. The attack tricks ...
Security Boulevard

What are Access Tokens? Complete Guide to Access Token Structure, Usage & Security

Learn everything about access tokens: their structure, how they work in SSO and CIAM, and critical security measures to protect them from threats.

Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal ...
CSO Online

Gladinet servers file-sharing servers allow remote code execution

Static AES keys are enabling attackers to decrypt access tokens and reach remote code execution, triggering urgent patch ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...
The Hacker News

A Browser Extension Risk Guide After the ShadyPanda Campaign

Learn how the ShadyPanda campaign turned trusted browser extensions into spyware and the steps security teams can take to ...

WhatsApp device linking abused in account hijacking attacks

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign ...

Govt warning: Attackers can hijack WhatsApp via 'GhostPairing' vulnerability; all you need to know

The 'GhostPairing' vulnerability in WhatsApp enables attackers to seize full control of an account, providing them with ...

Cursor Launches an AI Coding Tool For Designers

The 300-person startup hopes bringing designers aboard will give it an edge in an increasingly competitive AI software market ...

Indian cyber agency flags WhatsApp 'hijack'

In, reveals a dangerous flaw in WhatsApp dubbed GhostPairing. This vulnerability enables hackers to take over user accounts ...