The Register on MSN

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Moonrise RAT Detected: Go-Based Threat Raises Risk of Data Loss and Operational Disruption

DUBAI, DUBAI, UNITED ARAB EMIRATES, February 24, 2026 /EINPresswire.com/ -- ANY.RUN researchers have identified ...
India West

Cyber Chief Madhu Gottumukkala Investigated For Uploading Files On ChatGPT

WASHINGTON, DC – The acting head of the nation’s cyber defense agency, Madhu Gottumukkala, uploaded sensitive government contracting material into a publicly accessible version of ChatGPT last summer, ...

TaxZerone Urges Last-Minute Filers: W-2, 1099, 94X Due Tonight — February 2 Filing Deadline Expires

TaxZerone is urging U.S. employers, businesses, payroll providers, and tax professionals to act now, as today—Monday, February 2, 2026—is the final day to file Information Returns (W-2 and 1099 series ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...

Lawyer suggests 'occult activity' as theories on Epstein files spread

A South Florida attorney says recent Epstein files point to occult activity on his private island. What do the documents say?
The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...
Security Boulevard

Critical jsPDF Vulnerability Enables Arbitrary File Read in Node.js (CVE-2025-68428)

In January 2026, a critical security vulnerability was disclosed in jsPDF, a popular JavaScript library used to generate PDF documents. The issue, tracked as CVE-2025-68428, affects server-side ...
CSOonline

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...
IEEE

URadar: Discovering Unrestricted File Upload Vulnerabilities via Adaptive Dynamic Testing

Abstract: Unrestricted file upload (UFU) vulnerabilities, especially unrestricted executable file upload (UEFU) vulnerabilities, pose severe security risks to web servers. For instance, attackers can ...
The Hacker News

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named ...