North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and data-stealing malware.

Abstract: Modern JavaScript engines employ multi-tier JIT compilation for high performance, but these aggressive optimizations often introduce subtle and hard-to-detect security vulnerabilities.

Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack ...

On February 5, 2026, security researchers disclosed a severe vulnerability in the popular n8n workflow automation platform that allows authenticated attackers to run arbitrary commands on the host ...

AWS patched a critical CodeBuild flaw that risked GitHub repository hijacking and potential supply chain attacks via the AWS Management Console..

A total of 12 vulnerabilities have been fixed in OpenSSL, all discovered by a single cybersecurity firm. All 12 vulnerabilities patched in the open source SSL/TLS toolkit were discovered by ...

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...

Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple ...

New York, 27 January 2026 — United Nations Secretary-General António Guterres has appointed 15 leading experts to the Independent Expert Advisory Panel for the Multidimensional Vulnerability Index ...