The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
The Hacker News

Why Secrets in JavaScript Bundles are Still Being Missed

Scanning 5M apps uncovered 42K exposed secrets in JavaScript bundles, revealing major gaps in traditional SAST, DAST, and ...
Visual Studio Magazine

Hands On Comparison: Building a Dynamic Web App in VS Code and Google Antigravity with Prompts Only

A hands-on test compared Visual Studio Code and Google Antigravity on generating and refining a simple dynamic Ticket Desk ...
InfoWorld

OpenSilver 3.3 runs Blazor components inside XAML apps

New version of the open-source replacement for Microsoft Silverlight also brings support for .NET 10 and C# 14.

ANY.RUN and MISP Announce Integration to Accelerate Threat Validation and Strengthen SOC Efficiency

DUBAI, DUBAI, UNITED ARAB EMIRATES, January 22, 2026 /EINPresswire.com/ — ANY.RUN has launched a new integration with MISP ...

Infostealers added Clawdbot to their target lists before most security teams knew it was running

RedLine, Lumma, and Vidar adapted in 48 hours. Clawdbot's localhost trust model collapsed, plaintext memory files sit exposed ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...

Enlighten Clinical Solutions Announces Official Release of Integrated eTMF Module

New eTMF module integrates with Enlighten Clinical Solutions’ platform to support inspection-ready clinical trial ...
Dark Reading

China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks

In two separate campaigns, attackers used the JScript C2 framework to target Chinese gambling websites and Asian government ...
Opinion

IBM's AI agent Bob easily duped to run malware, researchers show

Prompt injection lets risky commands slip past guardrails IBM describes its coding agent thus: "Bob is your AI software development partner that understands your intent, repo, and security standards." ...

Browser-based attacks hit 95% of enterprises — and traditional security tools never saw them coming

Omdia research shows 95% of organizations faced browser-based attacks last year. CrowdStrike's CTO and Clearwater Analytics' ...

CISA confirms active exploitation of four enterprise software bugs

The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities ...