The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...
Android

The Notification Trap: How a Text on WhatsApp Could Have Controlled Your Phone's AI

Security firm SafeBreach discovered a significant prompt injection flaw in Android’s Google Gemini that allowed malicious notifications from apps like WhatsApp or Slack to hijack the assistant. By ...
Redmondmag.com

Microsoft 365 Android Coding Error Put Account Tokens at Risk

A coding error in several Microsoft 365 Android apps could have allowed a malicious app on the same device to silently obtain account tokens and act as the signed-in user, according to new research ...

Google is offering Android developers cash in exchange for code to train AI

According to a report from 404 Media, Google has emailed some Android app developers with a "confidential content offer pilot ...

Google Patches Android Zero-Day Vulnerability in June 2026 Security Update

Google’s June 2026 Android update fixes dozens of flaws, including a potentially exploited Framework vulnerability and ...
PCMag

Google's Agentic AI Tool Gemini Spark Is Now Available. Here's How to Try It

You'll need one of Google's higher-tier AI plans to get Spark, which the company describes as a '24/7 personal agent.' ...
theregister

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching for victims’ password managers so it can steal all of their credentials and ...
Hackaday

google apps

As locked-down as the Amazon Echo Show line of devices are, they’re still just ARM-based Android devices, which makes repurposing it somewhat straightforward as long as what you want is another ...
GitHub

Taking advantage of Web Apps with Google Apps Script

When Web Apps is deployed, you can see the following window. New IDE for Google Apps Script has finally been released at December 7, 2020. Ref For new IDE, please open a dialog by "Deploy" -> "New ...
InfoWorld

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ‘a complete organizational takeover’. Application developers are being ...
Android

Why Your AI Girlfriend is a Privacy Time Bomb: 150M Users at Risk

“A new 2026 study reveals that AI companion apps with 150M installs are a privacy disaster. More than half expose intimate chat histories due to critical flaws like hardcoded credentials and script ...
TechRadar

Google Apps Script abused to launch dangerous phishing attacks

Hackers are hosting fake invoices on Google Apps Script, experts warn The invoices are sent via email Victims are redirected to a fake Microsoft 365 login page Threat actors have been seen abusing ...