Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock
In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with...
Vulnerability
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
Ravie LakshmananJan 28, 2026Vulnerability / Open Source A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js...
Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic
What Is CVE-2026-21962? CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy...
Critical SmarterMail vulnerability under attack, no CVE yet
Critical SmarterMail vulnerability under attack, no CVE yet Pierluigi Paganini January 22, 2026 A SmarterMail flaw (WT-2026-0001) is under active...
Smashing Security podcast #451: I hacked the government, and your headphones are next
In episode 451 of “Smashing Security,” we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more...
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
Ravie LakshmananJan 21, 2026Open Source / Vulnerability A security vulnerability has been disclosed in the popular binary-parser npm library that,...
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
Ravie LakshmananJan 20, 2026Web Security / Vulnerability Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME)...
