The Hacker News

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

Weekly cybersecurity roundup covering exploited vulnerabilities, malware campaigns, legal actions, and nation-state attacks ...
腾讯网

Cloudflare 年度回顾:AI 机器人疯狂爬网、后量子加密普及率达 50%、Go ...

作者 | Renato Losio译者 | 平川近日,Cloudflare 发布了第六版 Radar 年度回顾报告。数据显示,全球互联网流量同比增长 19%,Googlebot 占据主导地位,爬取引流比持续攀升,后量子加密技术得到广泛应用。有超过 ...

已修复:周下载 350 万次的 jsPDF 库曝 9.2 分漏洞,可经由 PDF 窃取敏感 ...

IT之家 1 月 8 日消息,科技媒体 bleepingcomputer 昨日(1 月 7 日)发布博文,报道称广泛使用的 JavaScript PDF 生成库 jsPDF 近期报告严重安全漏洞(CVE-2025-68428), CVSS 评分高达 ...
InfoWorld

Generative UI: The AI agent is the front end

In a new model for user interfaces, agents paint the screen with interactive UI components on demand. Let’s take a look.
Security Boulevard

What are Refresh Tokens? Complete Implementation Guide & Security Best Practices

Learn how refresh tokens work in enterprise SSO. This guide covers implementation, rotation, and security best practices for CIAM systems.

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could ...
InfoWorld

Open WebUI bug turns the ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...
The Hacker News

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...
InfoQ中国 on MSN

Bun 推出内置数据库客户端与零配置前端开发

Bun (一个快速全能的JavaScript运行环境)现已发布 1.3 版本。此次更新堪称迄今为止最大的一个版本,不仅实现了全栈开发能力,还推出了统一的数据库 API,并显著提升了运行时的整体性能。 Bun 1.3 ...
InfoQ中国 on MSN

谷歌 Gemini API 负责人自曝:用竞品 Claude Code 1 小时复现自己团队一年 ...

一位谷歌资深工程师透露,Anthropic 的 Claude Code 用一小时跑出了她团队打磨了一年的系统。 一小时复现一年工作? 1 月 3 日,谷歌主管工程师、负责 Gemini API 的 Jaana Dogan 在 X ...