New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...
Microsoft

AI-powered defense for an AI-accelerated threat landscape

We are at an inflection point in cybersecurity. Recent advances in AI model capabilities are changing how vulnerabilities are ...
Tech Times

Clym Accessibility Tools Review: A Free, Open-Source WCAG Scanner Built for 2026

We tested Clym's free, open-source accessibility testing suite. An honest review of what it covers, how it works, and whether ...

Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand

Vercel confirms a security incident after a threat actor claims internal access and demands a $2M ransom, raising concerns ...
SecurityWeek

Next.js Creator Vercel Hacked

Vercel confirms that is has suffered an intrusion after a hacker offered to sell data allegedly stolen from the company’s ...