The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.

Modern PDF platforms are becoming high-risk attack surfaces

Modern PDF platforms can now function as full attack gateways rather than passive document viewers.
SecurityWeek

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Vulnerabilities in PDF platforms from Foxit and Apryse could have been exploited for account takeover, data exfiltration, and other attacks.
InfoWorld

WebMCP API extends web apps to AI agents

W3C proposal backed by Google and Microsoft allows developers to expose client-side JavaScript tools to AI agents, enabling ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
InfoQ

OpenAI Publishes Codex App Server Architecture for Unifying AI Agent Surfaces

OpenAI has recently published a detailed architecture description of the Codex App Server, a bidirectional protocol that decouples the Codex coding agent's core logic from its various client surfaces.

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
Crude Oil Prices

API: Reviving Venezuela's Oil Sector Will Be Long, Multi-Billion Dollar Process

Oil industry executives have voiced that reviving Venezuela's oil production will be a long and costly process. Companies will need stable, legally defined frameworks, security for investments, and ...
Hosted on MSN

Who really owns JavaScript and why it’s a problem

This video breaks down the bizarre legal battle over who owns the JavaScript name. Despite not creating or maintaining the language, Oracle controls the trademark. The story traces how this happened ...
MarketWatch

Foxit Releases PDF Editor v2025.3 with Advanced Compliance, Security Upgrades and AI-Powered Productivity Tools for Windows and Mac Users

FREMONT, Calif., Dec. 19, 2025 /PRNewswire/ -- Foxit, a global leader in PDF and document productivity solutions, that help knowledge workers increase productivity and do more with documents, ...
VentureBeat

Why Google's new Interactions API is such a big deal for AI developers

For the last two years, the fundamental unit of generative AI development has been the "completion." You send a text prompt to a model, it sends text back, and the transaction ends. If you want to ...
CoinTelegraph

Binance hints at stock perps in push to join global tokenized equities race

Binance quietly rolled out API endpoints pointing to stock perpetual futures, potentially signaling a renewed push into stock trading after a failed 2021 launch. Crypto exchange Binance has added new ...