The Hacker News

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now

Cybersecurity company Imperva, which discovered and reported the problem in July 2025, described CVE-2025-53967 as a "design ...
The Hacker News

Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave

The access afforded by the ANTSWORD web shell is then used to run the "whoami" command to determine the privileges of the web ...
CSO Online

GitHub Copilot prompt injection flaw leaked sensitive data from private repos

Hidden comments in pull requests analyzed by Copilot Chat leaked AWS keys from users’ private repositories, demonstrating yet ...
Infosecurity Magazine

Nezha Tool Used in New Cyber Campaign Targeting Web Applications

A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT ...

New FileFix attack uses cache smuggling to evade security software

A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim's system and bypassing security software.
CSO Online

Open-source monitor turns into an off-the-shelf attack beacon

Hackers used log poisoning and web shells to convert Nezha into a remote access tool targeting networks across East Asia.