Arabian Post

SAP developers face npm supply shock

Malicious code inserted into four SAP-related npm packages exposed developer workstations and automated build systems to credential theft, marking a sharp escalation in attacks against open-source ...
Indiatimes

Hack of the day: Use plus code as a precise digital address

Getting someone to the right spot isn’t always as simple as sharing a street address. In many cases, addresses are incomplete, point to the wrong entrance, or fail to capture the exact location you ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
The Hacker News

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, escalating gaming threats.
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
Bloomberg L.P.

Crypto Hack Sparks $9 Billion Outflows From Top DeFi Lender

A weekend hack that saw almost $300 million drained from a little-known crypto project has triggered a crisis of confidence among decentralized-finance investors, with users pulling billions of ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
Forbes

Valve Addresses Alleged Steam Hack And Clarifies Situation

Forbes contributors publish independent expert analyses and insights. News and opinion about video games, television, movies and the internet. A Steam logo of a video game digital distribution service ...
TechCrunch

Hackers are abusing unpatched Windows security flaws to hack into organizations

Hackers have broken into at least one organization using Windows vulnerabilities published online by a disgruntled security researcher over the last two weeks, according to a cybersecurity firm. On ...
The Guardian

Booking.com warns customers of hack that exposed their data

Undisclosed number of names and contact and reservation details accessed in latest cybercrime attempt The accommodation reservation website Booking.com has suffered a data breach with “unauthorised ...