Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

The updated SHub stealer variant is called Reaper, and it uses macOS Script Editor, pre-populated with the malicious payload ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
Bitdefender

ClickFix Campaign Uses Compromised WordPress Sites to Spread Vidar Stealer in Australia

Cybercriminals are increasingly relying on social engineering instead of traditional exploits, and Australian authorities are ...

'ClickFix' attack tricks users into hacking themselves, ACSC warns

ClickFix relies on tricking users into essentially hacking themselves by running commands that compromise their computers. In ...
Communications of the ACM

Good Vibes: AI Coding Tools and Platforms

Technology that helps write computer code is not new, but advances in generative AI (GenAI) and agentic AI have catapulted ...
The Hacker News

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Decrypt

Fake OpenAI Repo Hit #1 on Hugging Face—And Stole Passwords While It Trended

A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...
BBC on MSN

Ukraine's drone commander has Russian oil, troops and morale in his sights

In a rare interview, Commander Robert Brovdi shared how his unit accounts for a third of all targets destroyed on the battlefield.
InfoWorld

A better way to work with SQL Server

It’s time to switch to a new development tool for SQL Server and Azure SQL. Here’s how to get started with the MSSQL ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...