The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
TidBITS

macOS 26.4’s Script Editor Won’t Open Some Older AppleScripts

After upgrading to macOS 26.4, some users found Script Editor refusing to open certain older AppleScripts—even though most of the scripts still ran fine from apps like BBEdit. Here’s how to fix ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

Windows 11 Patch Triggers Sign-In Failures Across Microsoft Apps

A Windows 11 security update triggered Microsoft app sign-in failures, prompting an emergency patch and a manual workaround ...

The Meta ruling on social media’s harm to children was historic. But for parents, what now?

In two landmark rulings this week, Meta and YouTube were found liable for deliberately designing social media products that ...