InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...
Dark Reading

Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs.

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.
Infosecurity Magazine

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

A 10-month Android malware campaign has used nearly 250 fake apps to sign victims up to premium services on their mobile ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies.
SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

“What once took hours now happens in minutes" — How InterSystems transformed operations for Coordinista

The cloud-first digital health development platform provides built-in support for healthcare interoperability standards, ...

Pixazo API Launches HappyHorse MCP and Offers HappyHorse 1.0 API at 30% Off in Limited-Time Discount

HappyHorse MCP brings Alibaba's AI video generation to Claude, Codex & more — now with a limited-time 30% discount ...
The Hacker News

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
Education Week

A District Expects to Save $200K From AI-Powered ‘Vibe Coding.’ Here’s How

Teachers in Washington state’s Peninsula school district seeking critical feedback on their instruction have a new tool to ...

AI agent successfully moves Adobe Lightroom to Linux

Claude Code has made the digital photo tool Adobe Lightroom functional on Linux. The project began with a very simple prompt.