The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows ...

Three free office suites vs. Microsoft 365 – technology comparison

The real difference lies deeper – because where should a web office suite run in the first place? All answers are legitimate: ...

Sleep Number files for bankruptcy as Canadian retailer submits $415M bid

Sleep Number Corp. will be acquired by Sleep Country Canada as part of its Chapter 11 restructuring. The two combined will ...

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...

As the browser wars heat up, here are the hottest alternatives to Chrome and Safari in 2026

We’ve compiled an overview of some of the top alternative browsers available today aiming to challenge Chrome and Safari.
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...
Visual Studio Magazine

Using Local AI to Cut Copilot Usage-Based Billing Shock

After being gobsmacked by the new billing plan using almost all my monthly credits in one or two days, I tried pushing some Copilot-style coding work onto local models in VS Code. What I found was ...

Arch Linux locks down AUR signups amid wave of malicious commits

A wave of malicious commits hit the Arch User Repository (AUR) over the weekend, prompting the team to disable new account ...