The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.
The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.
Dark Reading

Post-Quantum Web Could be Safer, Faster

Providers are testing a quantum-safe version of HTTPS that shrinks certificates to a tenth their previous size, decreasing latency and adding transparency.
GitHub

dunamismax/go-web-server

go-web-server is a small Go starter for server-rendered apps with Echo, Templ, HTMX, PostgreSQL, SQLC, and Mage. The goal is boring, legible defaults: one binary, one Postgres database, session auth, ...
Security Boulevard

Invisible Threats: Source Code Exfiltration in Google Antigravity

Source Code Exfiltration in Google Antigravity‍TL;DR: We explored a known issue in Google Antigravity where attackers can ...
IGN

Marathon Server Slam Gets Big Player Numbers on Steam, Bungie Acknowledges UI and PvP ...

The Marathon Server Slam is off to a quick start, with impressive player numbers on Steam. As part of the Server Slam event, Bungie’s extraction shooter was made available to download for free across ...
GitHub

macgaf/es_mcp_server

. ├── es_mcp_server/ # 服务器代码 │ ├── __init__.py # 包初始化 │ ├── server.py # 服务器主程序 │ ├── config.py ...