Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

You Might Have Fallen For This CAPTCHA Scam Without Realizing — Here's What To Do Now

Security experts reveal how easy it is to get fooled by this scam and what to do if you think you've been targeted.

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
TechSpot

Google says AI now generates 75% of its new code, up from 25% in 2024

Bottom line: Google said on Wednesday that about 75% of its new code is now generated by AI and then reviewed by engineers, a figure that marks a sharp increase from recent levels. In October 2024, ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's ...

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...