The Hacker News

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories

Key cyber updates on ransomware, cloud intrusions, phishing, botnets, supply-chain risks, and nation-state threat activity.

Critical React Native Metro dev server bug under attack as researchers scream into the void

Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware to both Windows and Linux ...
Joplin Globe

McAfee Simplifies Safety with the Industry’s Most Complete Scam Detector — Now with Instant QR Code Scam Checks and Smarter Social Messaging Scam Protection

McAfee, a global leader in personal protection, today announced upgrades to Scam Detector that make staying safe wherever you’re connected stronger, smarter, and simpler. Scams come through many ...
CSOonline

Actively exploited Cisco UC bug requires immediate, version‑specific patching

The RCE flaw lets remote attackers gain root on affected systems with no user interaction. Cisco has released multiple version‑specific patch files — but offers no fix for 12.5 — as CISA warns the bug ...
ZDNet

I used GPT-5.2-Codex to find a mystery bug and hosting nightmare - it was beyond fast

A $20 ChatGPT Plus plan can handle real-world bug fixes. Codex helped identify both code bugs and hosting issues. AI saved time by fixing code and drafting support emails. When you're a lone ...
Yahoo

Surprisingly Common and Deadly Hidden Hazards of Daily Life

My medical degree might say "emergency medicine doctor," but most days I feel more like a board-certified death escapologist. I've worked in healthcare all over the world and confront death daily.
SiliconANGLE

Cyata flags agentic AI supply-chain risk in Cursor remote code execution bug

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a critical remote code execution vulnerability in Cursor Inc.’s integrated development environment that ...
VentureBeat

Anthropic's Claude Code can now read your Slack messages and write code for you

Anthropic has launched a beta integration that connects its fast-growing Claude Code programming agent directly into Slack, allowing software engineers to delegate coding tasks without leaving the ...
GitHub

[Bug] HMA gets detected on Native detector Samsung S21

Use a Samsung with OneUI and install HMA. Set up HMA and enable intent filtering. Run a native detections and see how it gets detected It should be hidden from Native detector since the purpose of HMA ...
The Hacker News

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as ...
GitHub

Bug: ...Quote fixer for javascript evaluate action sometimes produces syntax errors

Sometimes the agent will try to execute javascript using the evaluate action. I have seen quite a few cases where the agent passed in valid javascript, but the quote fixing or sanitization that's run ...
InfoWorld

OpenAI launches Aardvark to detect and patch hidden bugs in code

Currently in private beta, the GPT-5-powered security agent scans, reasons, and patches software like a real researcher, aiming to embed AI-driven defense into the development workflow. OpenAI has ...