The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
InfoWorld

GitHub Copilot SDK allows developers to build Copilot agents into apps

Available in a technical preview, the SDK for Node.js, Python, Go, and .NET provides programmatic access to the agentic power ...
Infosecurity Magazine

PeckBirdy Framework Tied to China-Aligned Cyber Campaigns

PeckBirdy command-and-control framework targeting gambling, government sectors in Asia since 2023 has been linked to China-aligned APTs ...
Security Boulevard

Detecting browser extensions for bot detection, lessons from LinkedIn and Castle

Modern bot detection rarely deals with obviously fake browsers. Most large-scale automation today runs inside browser ...
Visual Studio Magazine

What a Difference a VS Code Fork Makes: Antigravity, Cursor and Windsurf Compared

VS Code forks like Cursor, Windsurf, and Google Antigravity may share a common foundation, but hands-on testing shows they ...

Steam Game Devs Call Exploit Allegations ‘Clickbait Exaggeration’ And ‘Malicious Defamation’

As of this writing, the game is currently sitting at a “Very Positive” review score on Steam, having amassed roughly 1,876 reviews and, according to VG Insights, over 113,000 individual purchases.

Attackers are getting stealthier – how can defenders stay ahead?

As attackers hide longer and deeper, behavior-first detection becomes the only reliable way to expose them.
CSO Online

CrowdStrike to add browser security to Falcon with Seraphic acquisition

As generative AI reshapes browser usage, the acquisition will bring in-session browser security to the Falcon platform.

This WebUI vulnerability allows remote code execution - here's how to stay safe

Popular AI interface was plagued by an 8/10 bug, but a fix is now available.
Communications of the ACM

Verification Debt: When Generative AI Speeds Change Faster Than Proof

A useful name for what accumulates in the mismatch is verification debt. It is the gap between what you released and what you ...