The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
The Hacker News

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google confirms nation-state and cybercrime groups exploit a patched WinRAR flaw to gain persistence and deploy malware via ...

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...
Cyber Daily

Taking more than just a pen: Rise in data theft from outgoing employees calls for strengthened security

Leaving a job might see a cardboard box being filled with picture frames and notebooks, but what is increasingly leaving with ...

Epstein files deadline is long gone. When will more docs be released?

It's been a month since the Congressionally imposed deadline for the Department of Justice to release its files on Jeffrey ...

Justice Department expects to release its Epstein files soon, top officials say

Top Justice Department leaders said in a court filing Tuesday they expect to release the department’s Jeffrey Epstein-related ...

CISA confirms active exploitation of four enterprise software bugs

The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
CSO Online

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...

Did former special counsel Jack Smith release all his files on Trump? Here's the truth

The claim was shared on social media — but not by reliable news outlets.
Que.com on MSN

China-linked hackers deploy PeckBirdy JavaScript C2 framework since 2023

Since 2023, multiple security investigations have highlighted a growing trend in which China-linked threat actors ...
InfoQ

VoidZero Announces Oxfmt Alpha with Rust-Powered Performance and Prettier Compatibility

VoidZero has unveiled Oxfmt, a cutting-edge Rust-based code formatter that offers over 30x faster performance than Prettier ...