The Hacker News

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...
Hackaday

Linux On Android Provides Inexpensive, Powerful Computing

In some parts of the world it’s common for cell service providers to sell new phones at a price significantly below market value, with the caveat that these phones are locked to that service ...

Linux bitten by second severe vulnerability in as many weeks

Linux users have been bitten by yet another vulnerability that gives containers and untrusted users the ability to gain root access, marking the second time in as many weeks that a severe threat has ...

Linux App Summit 2026: Meeting of the Linux Desktop Avant-garde

The Linux desktop community discussed at the Linux App Summit 2026 how to make Linux systems more secure, robust, and ...
GamingOnLinux

Hytale Update 5 brings controller support, new scripting tool for modders, social features

Making Hytale easier to play with a gamepad and handhelds like the Steam Deck - Update 5 is out with some major new features ...

Euro-Office, Europe's open-source alternative to Microsoft Office and Google Docs, launches June 9

Euro-Office, Europe's open-source alternative to Microsoft Office and Google Docs, launches June 9 ...

Laravel Lang packages hijacked to deploy credential-stealing malware

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

Researcher reported the vuln in March. Maintainers haven't responded to his messages since ...
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...
techtimes

Laravel Supply Chain Attack Backdoors 5,561 Repos: Git Tag Rewrite Defeats Version Pinning

On the night of May 22, 2026, an unidentified attacker with push access to the Laravel-Lang GitHub organization rewrote every existing version tag across four widely used PHP localization packages — ...