vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
Ravie LakshmananMay 07, 2026Vulnerability / Software Security A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library...
have
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge...
Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern...
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Ravie LakshmananMay 06, 2026Endpoint Security / Threat Intelligence Cybersecurity researchers have disclosed details of an intrusion that involved the use...
U.S. Officials Consider Three-Day Patch Rule in Wake of Anthropic’s Mythos
Federal officials reportedly are considering significantly cutting the amount of time U.S. agencies have to fix critical vulnerabilities in the...
North Korea’s Enormous Crypto Hacks Redefine Scale and Strategy
A pair of tightly executed cyberattacks have become milestones in cryptocurrency theft in 2026 due to their sheer size. These...
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and...
AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants
AI-related security incidents have been spreading well beyond email and into the wider collaboration stack. The data, coming from the...
Autonomous SOC: The Evolution of Self-Driving Security Operations
May 1, 2026 Autonomous SOC: The Evolution of Self-Driving Security Operations Security operations have reached a point where incremental efficiency...
Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws
Chrome users have 30 new reasons to restart their browser. Google has just released a massive security overhaul for Chrome,...
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
Ravie LakshmananApr 30, 2026Cloud Security / Threat Intelligence Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called...
New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions
Ravie LakshmananApr 30, 2026Linux / Vulnerability Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that...
Wasn’t Visibility Supposed to Fix This?
Security teams have spent years building better ways to surface risk and improve visibility into exposure. Dashboards are full, tools...
Fast16 Malware
Fast16 Malware Researchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and...
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project...
