The Hacker News

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

SAP Patch Day: NetWeaver vulnerability allows code injection

In March, SAP addresses partly critical security vulnerabilities in various products in 15 advisories. Admins must act.

Junshi Biosciences Announces NMPA Acceptance of New Drug Applications for Toripalimab Injection (Subcutaneous) Across 12 Indications

Shanghai Junshi Biosciences Co., Ltd (Junshi Biosciences, HKEX: 1877; SSE: 688180), a leading innovation-driven biopharmaceutical company dedicated to the discovery, development, and commercialization ...

Xint Code Demonstrates Human-like Discovery and Prioritization of Business Logic Vulnerabilities, Analyzing Millions of Code Lines in Just Hours

Theori, a leader in offensive security research, today announced the commercial availability of Xint Code, the first completely LLM-native Static Application Security Testing (SAST) tool capable of ...

Chrome emergency update: Two attacked code-injection vulnerabilities patched

Google released an emergency update for Chrome on Friday night. It patches two security vulnerabilities that were attacked on the internet.
The Bakersfield Californian

Junshi Biosciences Announces NMPA Acceptance of New Drug Applications for Toripalimab Injection ...

Shanghai Junshi Biosciences Co., Ltd (Junshi Biosciences, HKEX: 1877; SSE: 688180), a leading innovation-driven biopharmaceutical company dedicated to the discovery, development, and commercialization ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Security Boulevard

When Proxies Become Attack Vectors Through Header Injection

This assumption breaks down because HTTP RFC flexibility allows different servers to interpret the same header field in fundamentally different ways, creating exploitable gaps that attackers are ...

Google Stacking vs Traditional Link Building: A Strategic Comparison

WILMINGTON, DE - March 20, 2026 - PRESSADVANTAGE - G-Stacker has announced the general availability of its digital ...