CSO Online

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...
Dark Reading

China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks

In two separate campaigns, attackers used the JScript C2 framework to target Chinese gambling websites and Asian government ...

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, ...

Initial access hackers switch to Tsundere Bot for ransomware attacks

A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access ...
The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.

Mike Tirico’s Tough Task: Can He Help NBC Make Hard Pivot to Sports and Draw Big Crowds in Streaming Era?

Mike Tirico arrives at Baltimore’s M&T Bank Stadium in late December only to find something that has been in short supply in ...
SecurityWeek

Chrome, Edge Extensions Caught Stealing ChatGPT Sessions

LayerX discovered 16 extensions in the Chrome Web Store and Microsoft Edge Add-ons marketplace that steal users’ ChatGPT ...

CERT-In Flags High-Risk Chrome Flaw, Urges Immediate Update for Windows, Mac and Linux Users

CERT-In warns millions of Chrome users to update immediately after a critical flaw exposes systems to remote cyberattacks.
Visual Studio Magazine

What a Difference a VS Code Fork Makes: Antigravity, Cursor and Windsurf Compared

VS Code forks like Cursor, Windsurf, and Google Antigravity may share a common foundation, but hands-on testing shows they ...
Opinion

Why Canada’s ETF market is a global outlier – and how we can keep it that way

Canadian investors behave differently than their U.S. counterparts. While ETF flows in the U.S. remain concentrated heavily in broad market beta (growth), Canadian investors allocate a significantly ...

Arsenal stun Chelsea in huge blow to Blues' title hopes

Second-half goals from Beth Mead and Mariona Caldentey leave Chelsea six points behind leaders Manchester City.