From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
The Hacker News

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...
Security Boulevard

AI Vulnerability Chaining – Why Your Security Stack Cannot Detect What Comes Next

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

LinkDaddy LLC Launches AI Verified to Solve SME Knowledge Graph Exclusion

LinkDaddy LLC, the Florida-registered digital infrastructure company founded by Anthony James Peacock, today announced the ...
Analytics Insight

How HTML to PDF APIs are Replacing Legacy Document Generation Tools in 2026

The tools businesses relied on for large-scale document generation over the past two decades are starting to lose ground, and ...
IFA Magazine

Financial services risk being overwhelmed by agentic AI wave with one in three firms lacking agent oversight

TrendAI™, the global leader in AI cybersecurity, today released new data from a global study* revealing a growing governance ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.