Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...

May 3, 2026: We looked for new Last Letter 💬 codes. The most recent codes offer 10k tokens and 15 spins! Using Last Letter codes is a great way to diversify your word game strategies. Sure, having a ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...

Players of Project Zomboid, one of the best survival games ever made, need to check their mod lists right now. Developer The Indie Stone has confirmed that 14 mods on the game’s Steam Workshop ...

Project Zomboid developer The Indie Stone has confirmed that it has identified and taken action against a series of mods for the zombie game that were "creating malicious files outside of the Project ...