A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the…
Cybercriminals have discovered a dangerous way to trick developers into downloading malware by exploiting how GitHub works. The attack involves…
A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute…
A coding error, possibly introduced thanks to over-reliance on artificial intelligence (AI) vibe coding tools, has rendered an emergent strain…
Listen to the article 3 min This audio is auto-generated. Please let us know if you have feedback. Dive Brief:…
Nike is investigating what it described as a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4…
On January 23rd, 2026, security researchers discovered a dangerous npm package named ansi-universal-ui that disguised itself as a legitimate user…
A surge in infrastructure deployment that mirrors the tactics of SLSH, a predatory alliance uniting three major threat actors: Scattered…
For 35 years, RSAC has been a driving force behind the world’s cybersecurity community. The power of community is a…
The UK government’s Department for Science, Innovation and Technology (DSIT) has completed what it calls the “discovery phase” of its…
Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online Pierluigi Paganini January 27, 2026 Shadowserver researchers found 6,000+ SmarterMail servers…
A sophisticated phishing campaign has been identified in which threat actors are abusing legitimate Microsoft Teams functionality to distribute malicious…