CSO Online

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Trust Wallet’s $7M hack shows where crypto-friendly SMEs may be vulnerable

Key takeawaysThe December 2025 Trust Wallet hack shows that vulnerabilities in crypto tools can affect crypto-friendly SMEs, even when attacks target individual users rather than ...
financefeeds

Hackers Exploit JavaScript Library to Deploy Crypto Wallet Drainers

Hackers have exploited a flaw in the React JavaScript library to inject code that drains crypto wallets onto websites, primarily on cryptocurrency platforms. The React team released a patch on ...
Crypto Briefing

Satoshi Nakamoto Institute launches fundraising for Bitcoin Library

The Satoshi Nakamoto Institute has launched a fundraising campaign to build the Library of Bitcoin, a project dedicated to preserving Bitcoin’s ideas, history, and foundational documents before they ...
CoinDesk

Filecoin Trades Little Changed, Underperforms Wider Crypto Markets

FIL consolidated with an $0.11 range representing 7.5% of the token's value, according to CoinDesk Research's technical analysis model. The critical development emerged from Filecoin's relative ...
Tech Digest

Underwater drones deployed, Javascript library vulnerable to hacking

The UK’s Royal Navy has bought a fleet of Remus 300 unmanned underwater vehicles from US defence contractor HII. Photo: HII A popular JavaScript cryptography library is vulnerable in a way which could ...
CoinTelegraph

Malicious Chrome extension skims Solana swaps with hidden extra transfers

A malicious Chrome extension called Crypto Copilot lets users trade Solana directly from X but secretly skims a small portion of the transaction. A malicious Google Chrome browser extension is letting ...
SiliconANGLE

Red Hat Linux gets offline management, quantum threat mitigation and new AI features

Red Hat today announced multiple product updates across its Linux, OpenShift and artificial intelligence portfolios, focusing on hybrid cloud performance, post-quantum security and developer ...
Bleeping Computer

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...
Linux Journal

AMD Confirms Zen 5 RNG Flaw: When ‘Random’ Isn’t Random Enough

AMD has officially confirmed a high-severity security vulnerability in its new Zen 5–based CPUs, and it’s a nasty one because it hits cryptography right at the source: the hardware random number ...
Hosted on MSN

Ledger CTO warns crypto users after major JavaScript account hack

Charles Guillemet says a phishing led supply-chain breach could have become a systemic disaster for crypto users. Trump’s ‘Roadless Rule’ Repeal Sparks Outrage Gigantic US Spy Plane Lands on a US ...