Node.js 26 has been released, featuring the Temporal API enabled by default, an updated V8 engine to version 14.6, and the ...
Microsoft has a new "Intelligent Terminal", and it's surprisingly powerful.
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Unsurprisingly to many of us, app stores for smart televisions are also trash. Perhaps even more full of trash than other app stores due to the smaller ecosystem and fewer reviewers. Spur analyzed ...
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
If Microsoft shows Your account is temporarily locked to prevent unauthorized use, the sign-in system has paused access ...
Loki is a stage-1 command and control (C2) framework written in Node.js, built to script-jack vulnerable Electron apps MITRE ATT&CK T1218.015. Developed for red team operations, Loki enables evasion ...
A new version of the Bun JavaScript runtime and toolkit is out with enhanced testing support and improved memory management. The latter is a critical issue to devs and follows complaints of memory ...
OpenClaw Node for VS Code really can read workspace files, apply instructions from a local skill file, and write results back through the VS Code API sandbox. On Windows, the path to that result is ...
A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish ...
Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...
A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later.