The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

After the execution of James G. Broadnax in Texas, questions persist over use of rap lyrics as evidence

Why do rap lyrics continue to be used to demonize people inside and outside the courtroom, in ways that no other art form has ...
Cryptopolitan

Crypto wallets targeted in SAP-linked npm supply-chain attack

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

Moderne Expands Agent Tools Platform with C# Support for Deterministic .NET Transformation

Moderne, the Agent Tools company for AI-driven software engineering, today announced C# language support across its platform, extending deterministic, large-scale code transformation to .NET codebases ...

Tickblaze Launches WebTrader, a Browser-Based Trading Platform Powered by TradingView, Expanding Global Access to Institutional-Grade Trading Infrastructure

Tickblaze, a trading technology provider serving proprietary trading firms, brokerages, and professional traders, today announced the launch of Tickblaze WebTrader, a fully browser-based trading ...

You might have fallen for this CAPTCHA scam without realizing — here's what to do now

Security experts reveal how easy it is to get fooled by this scam and what to do if you think you've been targeted.
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...
Arabian Post on MSN

Firefox 150 closes code execution risks

Mozilla has released Firefox 150 with a broad security update that fixes 41 vulnerabilities, including multiple high-impact flaws tied to memory handling, browser components and privilege controls, ...