Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Then imagine it replying: "Sorry, the website won't let me in." That's the quiet failure mode behind most AI agents today.
Active Microsoft Exchange zero-day leaves organisations exposed By Nicola Mawson, Contributing journalistJohannesburg, 19 May 2026An exploit in on-premises Microsoft Exchange servers has already been ...
Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...
CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...
Morning Overview on MSN
Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain
In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...
Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results