Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.
USA Today

Websites in Mississippi hit by denial-of-service attack as country votes during midterm elections

Some Mississippi state websites were briefly knocked offline Tuesday after so-called distributed denial-of-service (DDoS) attacks as voters turned out at polling sites across the state and the country ...
Yahoo

Feds are hunting teenage hacking groups like ‘Scattered Spider’ who have targeted $1 trillion worth of the Fortune 500 since 2022

Add Yahoo as a preferred source to see more of our stories on Google. What makes The Com and these groups uniquely dangerous is both their sophistication, and in how they weaponize the youth of their ...
AOL

Feds are hunting teenage hacking groups like ‘Scattered Spider’ who have targeted $1 trillion worth of the Fortune 500 since 2022

The job posts don’t immediately raise alarms, even though they’re clearly not for tutoring or babysitting. “Female candidates are a PRIORITY, even if you aren’t from US, if you do not have a clear ...