The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
IEEE

BIVALVE: An Imagery-Based Validation Framework for Benthic Habitat Classification from Side-Scan Sonar Data

Abstract: Understanding the properties, spatial distribution, and diversity of benthic habitats in a region is a primary goal of many coastal environmental monitoring programs. This information is ...
The Hacker News

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source ...
GitHub

MacStealer: Wi-Fi Client Isolation Bypass

Enterprise networks where users may distrust each other, and where techniques such as client isolation or ARP inspection are used to prevent users from attacking each other. For instance, company ...
WFMJ

Canfield woman who killed twin children has died

A Canfield woman who drowned her twin children thirteen years ago has died. Fifty year old Annette Giancola passed away over the weekend. She was found innocent by reason of insanity after drowning ...
GitHub

IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network

8.2.1, 8.2.0, 8.1.0, 8.0.1, 8.0.0 This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more ...
SecurityWeek

New ‘AirSnitch’ Attack Shows Wi-Fi Client Isolation Could Be a False Sense of Security

Researchers have uncovered a Wi-Fi vulnerability that allows nearby attackers to intercept sensitive data and execute machine-in-the-middle attacks against connected devices. Researchers from UC ...