A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Several SAP npm packages were exposed to a supply chain attack. The hacker group TeamPCP is behind it, say security ...
Morning Overview on MSN
Malicious open-source packages surge 73% in 2026 as threat actors weaponize the software supply chain
In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...
A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...
PCWorld reports that over 840,000 users were infected by malicious browser extensions containing GhostPoster malware hidden in extension logos. These harmful extensions operated undetected in official ...
A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The ...
Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results