CSO Online

AI-powered polymorphic attack lures victims to phishing webpages

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
SecurityWeek

N8n Vulnerabilities Could Lead to Remote Code Execution

Two vulnerabilities in n8n’s sandbox mechanism could be exploited for remote code execution (RCE) on the host system.

How the Supreme Court Secretly Made Itself Even More Secretive

Amid calls to increase transparency and revelations about the court’s inner workings, the chief justice imposed nondisclosure ...
The Hacker News

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

This week’s cybersecurity recap highlights key attacks, zero-days, and patches to keep you informed and secure.
InfoWorld

Are you ready for JavaScript in 2026?

Strip the types and hotwire the HTML—and triple check your package security while you are at it. JavaScript in 2026 is just ...

Mandiant details how ShinyHunters abuse SSO to steal cloud data

Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) ...

Research reveals how these simple Chrome extensions are hawking your privacy

Research shows that even simple Chrome extensions can quietly invade user privacy, with some hijacking clipboards, ...
CSO Online

Critical RCE bugs expose the n8n automation platform to host‑level compromise

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass ...
The Hacker News

When Your Browser Becomes The Attacker: AI Browser Exploits

AI browsers can be hijacked through prompt injection, turning assistants into insider threats. Learn how these exploits work & how to protect data.
Business Insider

The best Sephora coupons and promo codes for freebies with your haul

You don't need to be a makeup professional to know of Sephora's wonders. The store is a one-stop shop for everything beauty, including hair care, skincare, makeup, and more. Whether you're upgrading ...