The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized ...

Why LLM-only pages aren’t the answer to AI search

Creating pages only machines will see won’t improve AI search visibility. Data shows standard SEO fundamentals still drive AI ...
The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories ...

Chagos sovereignty no longer up for debate, says Mauritius, after Trump criticises UK deal

The UK plans to hand sovereignty of the Chagos Islands to Mauritius, while leasing a military base there - Trump says the ...

How ‘Reprompt’ Attack Let Hackers Steal Data From Microsoft Copilot

Varonis found a “Reprompt” attack that let a single link hijack Microsoft Copilot Personal sessions and exfiltrate data; Microsoft patched it in January 2026.

Investors demand Home Depot assess data privacy risks amid ICE raids

Group calls for review of retailer’s partnership with Flock Safety, whose data has been used in ​immigration enforcement ...

How a simple link allowed hackers to bypass Copilot's security guardrails - and what Microsoft did about it

Reprompt impacted Microsoft Copilot Personal and, according to the team, gave "threat actors an invisible entry point to perform a data‑exfiltration chain that bypasses enterprise security controls ...
CSO Online

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, ...