The Hacker News

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...

MegaConvert.io Launches Free File Converter With 500+ Formats in 47 Languages

Free platform converts documents, images, video, audio, and ebooks from any browser — no signup required. Developer API included. We built MegaConvert to be the simplest file converter on the web — no ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Cloudways vs Hostinger: Which web host is best for you?

Alternatively, Cloudways seems a little more business focused at first glance, but it’s a reliable choice that’s been in ...

Developer turns Telegram into Google Drive-like cloud storage solution for free

A developer has created Telegram Drive, an open-source desktop app that turns Telegram into a cloud storage system, offering file management features without subscription costs tied to traditional ...

New Shai-Hulud malware wave compromises 600 npm packages

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

Income tax return AY 26-27: Excel utility, online filing for ITR-1 and ITR-4 forms now available on e-filing portal

Income tax return AY 26-27: The Income Tax Department has launched Excel utilities and online filing for ITR-1 and ITR-4 for ...

Woman covertly filmed for 'humiliating' social media content - then told to pay

Alice says the video was posted on social media and viewed about 40,000 times.
cybernews

AI platform Dify, with 10 million installs, exposes users to one-click account takeover

Dify, a popular low-code AI application development platform with over 142,000 stars on GitHub, was found to contain critical vulnerabilities that allowed a one-click account takeover. Imperva ...
Auganix

Niantic Spatial Releases SPZ 4 Open-Source Format for 3D Gaussian Splats

Niantic Spatial releases SPZ 4, updating its open-source format for larger 3D Gaussian splat files with faster compression | ...