Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

AI drives surge in ‘bug bounty’ reports, but the ‘slop’ is rising too

Artificial intelligence tools have driven a massive spike in crypto bug bounty submissions, though a large portion of them are false positives.
InfoQ

npmx Reaches Alpha: Community Driven Alternative Browser for the npm Registry

Daniel Roe and over 250 contributors. It emphasizes speed and features absent in the official npmjs.com interface, such as ...

Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI

Mozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI ...
The Hacker News

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.
The Hacker News

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.
Bleeping Computer

Claude Code source code accidentally leaked in NPM package

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. While Anthropic pledges support to the ...

Mozilla uses Anthropic's Mythos to uncover 271 bugs in Firefox 150

The result, in the view of Firefox CTO Bobby Holley, marks a decisive shift in the long-running asymmetry between attackers ...
Forbes

AI Just Hacked One Of The World's Most Secure Operating Systems

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. An autonomous agent found, analyzed and exploited a FreeBSD kernel vulnerability in four ...