InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
SpaceNews

Hybridizing nuclear command, control and communications systems puts space infrastructure ...

Space based nuclear command, control and communications (NC3) systems were developed as highly classified and sovereign systems, insulated from external influence and designed to survive in the most ...

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
Morning Overview on MSN

Leaked memo says Gemini trails Claude Code on key developer feature

An internal Google memo, first circulated in early April 2026 and since described by multiple people familiar with its contents, reportedly acknowledges that Gemini CLI lags behind Anthropic’s Claude ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
Bitdefender

ClickFix Campaign Uses Compromised WordPress Sites to Spread Vidar Stealer in Australia

Cybercriminals are increasingly relying on social engineering instead of traditional exploits, and Australian authorities are ...

WordPress 7.0 Launches With Native AI Integration

WordPress 7.0 arrives without real-time collaboration, but its native AI infrastructure was always going to be the defining ...
CSO Online

Internet Explorer may be dead, but its ghost still runs malware

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...
OSTechNix

JavaScript Timestamp Bugs: How UTC Mistakes Break Web Apps

Learn how a single JavaScript Date() timezone mistake silently corrupts web apps and how to fix timestamp bugs in JS, Python, ...