dark
Hand-Picked Top-Read Stories
Trending Tags
1 minute read

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

info@thehackernews.com (The Hacker News)
January 14, 2026
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024.  Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise. Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%). Download the
Total
0
Shares
0
0
0
[[{“value”:”Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. 
Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise.
Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%).

Download the”}]] The Hacker News 

Total
0
Shares
Share 0
Tweet 0
Share 0
Share 0
Share 0
Previous Post

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

January 14, 2026
Next Post

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

January 14, 2026
Related Posts
3 min

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio
info@thehackernews.com (The Hacker News)
January 26, 2026
Read More
3 min

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0, is an evolution of a prior wave that was observed between September 2023 and March 2024. The attack, at its core,
info@thehackernews.com (The Hacker News)
November 20, 2025
Read More