Security researchers have revealed 12 critical vulnerabilities affecting the popular vm2 Node.js library, exposing applications to sandbox escapes and remote code execution attacks. The vm2 package is widely used by developers to safely run untrusted JavaScript code inside isolated environments.…
Security researchers have disclosed 12 high-severity vulnerabilities affecting the widely used vm2 Node.js library, raising serious concerns for developers and organizations that rely on the package to securely execute untrusted JavaScript code. The open-source vm2 library is commonly used to…
Cybersecurity researchers have uncovered a new supply chain attack involving malicious packages uploaded to the Python Package Index (PyPI) repository that secretly install a previously undocumented malware strain called ZiChatBot on both Windows and Linux devices. According to researchers at…
Many organizations believe that signing an incident response retainer agreement means they are prepared for a cyberattack. Security experts say that assumption is dangerously misleading. A retainer may guarantee that someone answers the phone during a crisis, but it does…
ThreatsDay 2026: New Malware, AI-Powered Cyber Threats, Supply Chain Attacks, and Critical Security Flaws Dominate the Week The cybersecurity world had another chaotic week as researchers uncovered new malware campaigns, critical software vulnerabilities, large-scale phishing operations, and growing concerns over…
A newly disclosed critical vulnerability affecting Palo Alto Networks PAN-OS software may have been targeted by attackers weeks before public disclosure, according to new findings from the company’s Unit 42 threat intelligence team. The flaw, tracked as CVE-2026-0300, is a…
A state-sponsored hacking group tied to North Korea, known as ScarCruft, has been linked to a supply chain attack involving a gaming platform, where attackers secretly embedded spyware into game components to monitor targeted users. Security researchers from ESET say…
The rapid adoption of artificial intelligence is creating new security challenges, with recent findings showing that many AI systems are being deployed with serious vulnerabilities. A study by Intruder reveals that modern AI infrastructure is often more exposed and poorly…
Every time employees connect AI tools, automation platforms, or productivity apps to services like Google or Microsoft, they leave behind something many organizations fail to track, long-lasting OAuth tokens. These tokens often have no expiration, no automatic cleanup, and in…
A highly advanced cyber espionage group with ties to China has been linked to a wave of attacks against government institutions in South America and southeastern Europe, according to new findings from Cisco Talos. The threat group, tracked as UAT-8302,…
