CSO Online

Internet Explorer may be dead, but its ghost still runs malware

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...
SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...
MUO on MSN

I gave Claude, ChatGPT, and Gemini the same broken JavaScript to debug — only one found the actual cause

Debugging isn’t just guessing.
Windows Report

Exchange Server 2016 And 2019 Hit By Critical OWA Vulnerability

Microsoft warned Exchange Server customers about critical OWA vulnerability CVE-2026-42897 affecting on-premises deployments.
OSTechNix

JavaScript Timestamp Bugs: How UTC Mistakes Break Web Apps

Learn how a single JavaScript Date() timezone mistake silently corrupts web apps and how to fix timestamp bugs in JS, Python, ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

New WordPress Plugin: MUTE Spam Blocker Brings Zero-Code Contact Form Protection to Millions of WordPress Sites

The free plugin is now available on the WordPress Plugin Directory, compatible with Contact Form 7, WPForms, Ninja ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
BGR

QR Codes Are Everywhere – So Why Haven't We Run Out Yet?

QR codes, short for quick-response codes, are designed to store information for easy sharing. For example, instead of making someone open a browser on their phone and manually type out a specific URL ...
Bleeping Computer

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. The ...