latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
CSO Online

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
IEEE

A Robust Feature Downsampling Module for Remote-Sensing Visual Tasks

Abstract: Remote-sensing (RS) images present unique challenges for computer vision (CV) due to lower resolution, smaller objects, and fewer features. Mainstream backbone networks show promising ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
GitHub

Sephral's Module Loadouts

Sephral's Module Loadouts is a Foundry VTT utility module for saving, comparing, applying, exporting, and importing module activation profiles for a single world or for your wider installation. Open ...