Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
Ravie LakshmananJan 26, 2026AI Security / Vulnerability Cybersecurity researchers have discovered two…
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
Jan 16, 2026Ravie LakshmananMalvertising / Threat Intelligence The JavaScript (aka JScript) malware…
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
Jan 14, 2026Ravie LakshmananApplication Security / Vulnerability Node.js has released updates to…
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages
Jan 13, 2026Ravie Lakshmanan Web Security / Data Theft Cybersecurity researchers have…
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
Dec 26, 2025Ravie LakshmananAI Security / DevSecOps A critical security flaw has…
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
Dec 12, 2025Ravie LakshmananSoftware Security / Vulnerability The React team has released…
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest…
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that…
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
Dec 03, 2025Ravie LakshmananVulnerability / Cloud Security A maximum-severity security flaw has…