The Hacker News

Investigating a New Click-Fix Variant

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.
Opinion
PCMagOpinion

I Vibe Coded a Global Mass-Surveillance Site in 2 Hours Using OpenAI's Codex. That's a Privacy Nightmare

With zero coding skills, I was able to quickly assemble camera feeds from around the world into a single view. Here's how I did it, and why it's both promising and terrifying for all of us.
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
Techrights

Microsofters' SLAPP Censorship - Part 8 Out of 200: Gross Misuse of UKGDPR to Protect the Agenda of American Back Doors (Mass Surveillance)

This means they are serial, chronic abusers of UKGDPR, which was meant to guard privacy, not guard Americans who promote back doors, surveillance, kill switches etc. We'll revisit this irony some ...
usa.inquirer

8 best online JavaScript compilers for practice (free and fast)

JavaScript is the foundation of the modern web. From simple button clicks to complex web applications, almost everything interactive you see online runs on JavaScript. Whether you are a beginner ...
Bleeping Computer

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. ClickFix attacks ...
Searchenginejournal.com

Ask An SEO: Can AI Systems & LLMs Render JavaScript To Read ‘Hidden’ Content?

For this week’s Ask An SEO, a reader asked: “Is there any difference between how AI systems handle JavaScript-rendered or interactively hidden content compared to traditional Google indexing? What ...
Search Engine Land

Spam traffic in GA4: How to detect, filter & prevent it

Spam traffic distorts your analytics data, which can lead to poor marketing decisions based on false performance signals. It’s become more visible in Google Analytics 4. Compared to Universal ...
Ars Technica

In 1995, a Netscape employee wrote a hack in 10 days that now runs the Internet

Thirty years ago today, Netscape Communications and Sun Microsystems issued a joint press release announcing JavaScript, an object scripting language designed for creating interactive web applications ...
GitHub

Modern JavaScript runtime in Python

Note: jsrun is experimental. Expect breaking changes between versions. One of the most compelling use cases for jsrun is building safe execution environments for AI agents. When LLMs generate code, ...
Bleeping Computer

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...