The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Reuters

US importer files class action against indicted shipping container manufacturers

WASHINGTON, June 3 (Reuters) - A U.S. importer has filed a class action in federal court against the world's largest shipping container manufacturers, accusing them of conspiring ‌to fix prices in a ...
GitHub

TypeScript Remove (tsr) is a utility that removes unused code from TypeScript projects – It's like tree shaking, but for source files

tsr statically analyses your TypeScript project like how tree-shaking is implemented in bundlers. Run tsr to get a list of unused exports and files (modules) in your TypeScript project. Use tsr in ...
law.nyu.edu

Family Defense Clinic files landmark class action over unlawful child removals

A coalition of legal advocates, including NYU Law's Family Defense Clinic filed a major class action against New York City’s Administration for Children's Services (ACS) on Thursday, May 28, ...
CBS News

Pentagon releases more UFO files: "Speechless after these observations"

Washington — The Pentagon on Friday released a new batch of 64 files related to UFOs, or UAPs, unveiling a second tranche of records that includes a 2025 first-hand account from an intelligence ...