Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

Project Zomboid developer The Indie Stone has confirmed that it has identified and taken action against a series of mods for the zombie game that were "creating malicious files outside of the Project ...

GameSpot may get a commission from retail offers. April 7, 2026: We added one new code for Roblox The Forge. The Forge is an exciting Roblox experience, which should be great for anyone out there ...

Anthropic accidentally leaked part of the internal source code for its coding assistant Claude Code, according to a spokesperson. The leak could help give software developers, and Anthropic's ...

VentureBeat made with Google Gemini 3.1 Pro Image Anthropic appears to have accidentally revealed the inner workings of one of its most popular and lucrative AI products, the agentic AI harness Claude ...

Security A 17-year-old Excel vulnerability is currently being exploited by threat actors, and it's been flagged by the US' cyber defence agency Survival & Crafting Palworld imitator Pickmon changes a ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...