The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

Chrome Vulnerabilities Allow Code Execution, Browser Crashes

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via ...

Rio Tinto and Glencore call off latest effort to merge

Failed attempt to create world’s largest miner follows Rio’s bid to retain both chair and CEO roles at the combined company ...
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

n8n security woes roll on as new critical flaws bypass December fix

The vulnerabilities, collectively tracked as CVE-2026-25049, stem from weaknesses in how n8n sanitizes expressions inside workflows and could enable authenticated users to smuggle malicious code past ...
SecurityWeek

Critical N8n Sandbox Escape Could Lead to Server Compromise

A critical n8n flaw could allow attackers to use crafted expressions in workflows to execute arbitrary commands on the host.

How one software engineer is using AI to rethink fashion production and reduce waste

The founder of Couth Studios is applying machine-learning tools and customer data to challenge fashion’s traditional ...

Deno Deploy is generally available

With Deno Deploy, developers can deploy JavaScript and TypeScript applications to the web. The new Deno Sandbox is available ...