The Hacker News

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic, targeting Baota panels, Asian TLDs ...
Microsoft

Detecting backdoored language models at scale

Learn how Microsoft research uncovers backdoor risks in language models and introduces a practical scanner to detect ...

Trump administration has 'undermined all the pillars of US democracy' warns Human Rights Watch

US President Donald Trump has attacked key pillars of his country's democracy, Human Rights Watch warned in its annual report ...

Hackers compromise NGINX servers to redirect user traffic

A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's ...

OpenClaw’s AI ‘skill’ extensions are a security nightmare

Security researchers found hundreds of malicious add-ons on ClawHub.
Que.com on MSN

China-linked Lotus Blossom breaches Notepad++ hosting, spreads malware

A recent supply-chain-style intrusion has put a spotlight on a familiar truth in cybersecurity: attackers don’t always need to hack ...
OSTechNix

Notepad++ Supply Chain Attack: Is Your Version Secure?

Notepad++ update servers were compromised for 6 months in 2025. Learn how the Chrysalis backdoor targeted users and why you must manually update to version 8.9.1 now.