The Hacker News

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Adobe Reader zero-day exploited since Dec 2025 via malicious PDFs, enabling data theft and potential RCE, prompting urgent ...
CSO Online

Hackers have been exploiting an unpatched Adobe Reader vulnerability for months

Now a security researcher says a Reader hole has been quietly exploited by malware for as long as four months, fingerprinting ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...

Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...

Google Explains Googlebot Byte Limits And Crawling Architecture

Google's Gary Illyes published a blog post explaining how Googlebot works as one client of a centralized crawling platform, ...
Decrypt

Anthropic's Mythos Safety Report Shows It Can No Longer Fully Measure What It Built

Anthropic’s Claude Mythos is powerful, but Its own safety report reveals a deeper crisis that's gone largely unnoticed.
Opinion

Mozilla introduces cq, describing it as 'Stack Overflow for agents'

Mozilla is building cq - described by staff engineer Peter Wilson as "Stack Overflow for agents" - as an open source project to enable AI agents to discover and share collective knowledge.

Foxit Unveils Tool To Detect Hidden Security Threats Inside PDFs

Foxit Software today introduced a new capability designed to uncover hidden security risks inside PDFs as part of its latest ...

Cloudflare previews 'EmDash' – an AI-driven rebuild of WordPress in TypeScript

The world's most popular CMS has been remade with the help of AI. Cloudflare has released EmDash version 0.1, described as a ...

How AI has suddenly become much more useful to open-source developers

How AI has suddenly become much more useful to open-source developers ...

A simple coding mistake is exposing API keys across thousands of websites

A large-scale study has revealed that websites are unintentionally exposing API keys tied to services like AWS, Stripe, and OpenAI, with most leaks traced back to publicly accessible JavaScript files.