LinkedIn secretly scans for 6,000+ Chrome extensions, collects data

A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan ...
The Hacker News

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

Docker CVE-2026-34040 enables AuthZ bypass via padded requests, risking host compromise; fixed in version 29.3.1.
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Anthropic took down thousands of GitHub repos trying to yank its leaked source code — a move the company says was an accident

Anthropic executives said it was an accident and retracted the bulk of the takedown notices.
The Daily Mirror

Allianz Lanka strengthens industry collaboration through CRIB Insurance Data Repository Agreement

Allianz Lanka has taken an important step forward in strengthening industry-wide data governance and risk intelligence by joining the national Insurance Data Repository initiative. The company ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
The Independent

DOGE staffer had ‘God-level’ Social Security access and expected Trump’s pardon, whistleblower says

A former employee with the so-called Department of Government Efficiency allegedly claimed he tapped into two sensitive Social Security Administration databases and intended to share the information ...
insider.si.edu

Smithsonian Open Access

Welcome to Smithsonian Open Access, where you can download, share, and reuse millions of the Smithsonian’s images—right now, without asking. With new platforms and tools, you have easier access to ...