Abstract: Web application vulnerabilities continue to pose a significant challenge. Static analysis is currently the mainstream approach to this issue, while dynamic analysis is not as widely used in ...

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...

CloudVault discovers exposed AWS S3, Google Cloud Storage, and Azure Blob containers through certificate transparency monitoring and provides actionable security insights with tree-formatted ...

Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack ...

Abstract: Modern JavaScript engines employ multi-tier JIT compilation for high performance, but these aggressive optimizations often introduce subtle and hard-to-detect security vulnerabilities.

AWS patched a critical CodeBuild flaw that risked GitHub repository hijacking and potential supply chain attacks via the AWS Management Console..

Russian and Chinese state-sponsored threat actors have been exploiting CVE-2025-8088 since July 2025. Multiple state-sponsored threat actors and cybercrime groups have been exploiting a WinRAR ...

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...

Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple ...

New York, 27 January 2026 — United Nations Secretary-General António Guterres has appointed 15 leading experts to the Independent Expert Advisory Panel for the Multidimensional Vulnerability Index ...