The Hacker News

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Fortinet warns Stealit malware uses Node.js SEA and fake installers to deliver stealers, RATs, and persistence.
腾讯网

Happy DOM曝CVSS 9.4严重RCE漏洞,PoC已公开(CVE-2025-61927)

流行的JavaScript包Happy DOM曝出严重安全漏洞,该漏洞可使攻击者逃逸Node.js虚拟机(VM)上下文并在主机系统上执行任意代码。该漏洞被追踪为CVE-2025-61927,CVSSv4评分为9.4。
Infosecurity Magazine

New Stealit Malware Campaign Spreads via VPN and Game Installer Apps

A new campaign distributing the Stealit infostealer employs previously unknown malware delivery techniques and infrastructure ...

10 AI Coding Tools That Actually Make Programming Easier

Burgeoning artificial intelligence technologies are taking some of the complexity out of programming with tools that help ...

Indian government issue serious security warning for these Google, Amazon and Microsoft ...

CERT-In has issued a high-severity warning over a major npm ecosystem compromise named ‘Shai-Hulud,’ targeting credentials linked to Google Cloud, AWS, Microsoft Azure, and developer accounts.
InfoWorld

OpenAI Codex rivals Claude Code

Codex gives software developers a first-rate coding agent in their terminal and their IDE, along with the ability to delegate ...
The Hacker News

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

XWorm V6.0 is designed to connect to its C2 server at 94.159.113 [.]64 on port 4411 and supports a command called "plugin" to ...

Warning about data-stealer spreading through software used by millions of programmers

Security researchers worldwide are warning about a supply-chain attack on the Node Package Manager (NPM), where a ...