The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...

Lutkenhaus, 17, upsets Olympic champion Wanyonyi in Oslo

American teenager Cooper Lutkenhaus produces a stunning performance to beat Olympic champion Emmanuel Wanyonyi in the men's ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...

Austria beat Jordan for first World Cup win since 1990

Austria win a match at the World Cup finals for the first time since 1990 as they beat debutants Jordan in San Francisco.
LGBTQ Nation

Gay dad goes viral for honest reflection on raising a straight son

A gay dad’s thoughts on the trials and tribulations of raising a straight son went viral last week as parents across the internet connected to his feelings. The Brazil-based father posted in ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...

Tourists among six killed after helicopters crash in mid-air fireball explosion over Rio De Janeiro

'Given the surrounding residences, the accident could have been far more tragic' ...

Bungee workers ‘can’t remember’ who was supposed to attach safety cord before model plunged to death

The workers of a bungee company who threw a model to her death after her safety cord was unattached have appeared in court.
CSOonline

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures. As AI coding assistants accelerate software ...