The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

After the execution of James G. Broadnax in Texas, questions persist over use of rap lyrics as evidence

Why do rap lyrics continue to be used to demonize people inside and outside the courtroom, in ways that no other art form has ...
Cryptopolitan

Crypto wallets targeted in SAP-linked npm supply-chain attack

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

Moderne Expands Agent Tools Platform with C# Support for Deterministic .NET Transformation

Moderne, the Agent Tools company for AI-driven software engineering, today announced C# language support across its platform, extending deterministic, large-scale code transformation to .NET codebases ...

Tickblaze Launches WebTrader, a Browser-Based Trading Platform Powered by TradingView, Expanding Global Access to Institutional-Grade Trading Infrastructure

Tickblaze, a trading technology provider serving proprietary trading firms, brokerages, and professional traders, today announced the launch of Tickblaze WebTrader, a fully browser-based trading ...

You might have fallen for this CAPTCHA scam without realizing — here's what to do now

Security experts reveal how easy it is to get fooled by this scam and what to do if you think you've been targeted.
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...
InfoWorld

The best JavaScript certifications for getting hired

Earn these JavaScript certs to demonstrate mastery of the most in-demand skills for the world’s most-used programming ...