The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors ...

The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come ...
TechRadar

An incredibly popular JavaScript library might have some worrying malware issues

CVE-2025-12735 in expr-eval allows remote code execution via unsafe input evaluation Vulnerable versions ≤2.0.2; patched in 2.0.3 and forked in expr-eval-fork 3.0.0 Developers should sanitize ...
Security Boulevard

Roll your own bot detection: fingerprinting/JavaScript (part 1)

This is the first article in a two-part series where we show how to build your own anti-bot system to protect a login endpoint, without relying on third-party services. Many bot detection solutions, ...
Bleeping Computer

Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation

The Keep Aware threat research team recently observed a phishing incident that involved leveraging legitimate infrastructure, precision email validation, and evasive delivery techniques. This attack ...
GitHub

Thinbus Javascript Secure Remote Password (SRP)

This repo provides a Javascript Secure Remote Password SRP-6a implementation for web browsers to perform a zero-knowledge proof-of-password to a web server. It contains both client and server ...
GitHub

Handle Laravel-Vue forms and validation with ease

vform is a tiny library for Vue 2/3 to help with forms and validation when using Laravel as a back-end. It provides a form instance to wrap your data in a convenient way and send it to your Laravel ...