Node.js maintainers have issued emergency updates to address a serious vulnerability that can cause production applications to crash unexpectedly, opening the door to denial-of-service (DoS) attacks across much of the Node.js ecosystem. According to the Node.js security team, the issue…
Microsoft has released its first Patch Tuesday updates for 2026, rolling out fixes for 114 security vulnerabilities across Windows and related products. One of the flaws, the company confirmed, is already being exploited in real-world attacks. Of the total issues…
A new 2026 web security study has found that third-party applications are accessing sensitive user data on a majority of major websites without a clear business reason. After analyzing 4,700 high-traffic sites, researchers discovered that 64% of third-party tools now…
Fortinet has released security updates to address a high-severity flaw in its FortiSIEM platform that could allow unauthenticated attackers to remotely execute code on affected systems. The vulnerability, tracked as CVE-2025-64155, carries a CVSS score of 9.4, placing it firmly…
Security researchers have uncovered an active malware campaign that is abusing a DLL side-loading weakness in a legitimate Windows executable linked to the open-source c-ares library. The technique allows attackers to quietly bypass security defenses and install a broad range…
n8n recently introduced a task runner-based native Python option to improve security isolation. This feature first appeared in version 1.111.0 as an optional setting and could be turned on using the environment variables N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER. With the release of…
Several popular AI-driven code editors built on Visual Studio Code are raising new supply-chain security concerns after researchers found they recommend extensions that don’t actually exist in the Open VSX registry. The affected tools include VS Code forks such as…
There was a time when identity lived in one place. A single LDAP directory, an HR database, or one IAM portal handled who could access what. That reality is gone. Today, identities are scattered across SaaS platforms, on-prem systems, cloud…
I want to flag a serious security issue affecting the TOTOLINK EX200 wireless range extender that hasn’t received a fix and could leave devices fully exposed. The vulnerability was disclosed by the CERT Coordination Center and allows a remote attacker…
Trust Wallet has confirmed a security incident involving its Chrome browser extension that resulted in the loss of approximately $7 million in cryptocurrency. The breach affected users running a specific version of the extension and has prompted an urgent security…
