The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
CSO Online

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
The Hacker News

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

"A buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks ...

Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'

The TrustFall proof-of-concept attack demonstrates how a cloned code repository can include two JSON files (.mcp.json and ...
CSO Online

Critical Palo Alto Networks software bug hits exposed firewalls

A critical PAN-OS vulnerability affecting the User-ID Authentication Portal is being actively exploited to achieve ...

Google intercepts a massive cyberattack powered by first-ever AI-generated zero-day exploit

Google claims to have thwarted a significant cyberattack by state-sponsored hackers using an AI-developed zero-day exploit.
Microsoft

ClickFix campaign uses fake macOS utilities lures to deliver infostealers

Threat actors are targeting macOS users with fake utility fixes that trick them into running malicious Terminal commands.
CIO

It took 4 years to master ‘The Knowledge.’ AI just collapsed it in a software update

Just like GPS killed the need to memorize maps, AI has turned elite hacking into a "point-and-click" tool that anyone can use ...
Stark Insider

Three Models of Agentic Development, and Why the IDE Still Wins

A tool I’ve been using for a while, Roo Code, an extension for Visual Studio Code, recently made a decision that got me ...

Latenode Launches Managed AI Automation Approach for Business Teams

Latenode, an AI workflow automation platform, today announced the launch of its managed AI automation approach for business teams that want workflows built, launched, and supported without handling ...