The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until Feb 19, 2026 fix.
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.

Florida Supreme Court halts the execution of police officer convicted of raping and murdering a girl

The execution of a former Florida police officer convicted of raping and murdering an 11-year-old girl has been temporarily ...

Eldorado shareholder L1 Capital urges board to call off Foran deal, says it will vote against it

Melbourne-based hedge fund and miner’s third-largest investor says deal is too expensive, carries execution risk and has ...

I built a web page with OpenAI’s Codex in 5 minutes. Here’s how

PCWorld demonstrates how OpenAI’s Codex can generate a complete personal homepage in just 56 seconds using simple prompts and ...
CSO Online

GitHub phishers use fake OpenClaw tokens to drain crypto wallets

Attackers exploit OpenClaw hype with fake “CLAW” airdrops, luring developers from GitHub into wallet-draining phishing sites.

B.C. pension manager BCI lays off staff in private equity division under new leadership

Changes mark one of the first notable moves under Jon Salon, who was named global head of private equity in late January ...