A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

North Korean group Konni uses AI-assisted PowerShell malware and phishing via Google ads and Discord to breach blockchain ...

Microsoft’s new winapp CLI simplifies Windows app development with one-command setup, faster testing, and easier packaging.

A hands-on comparison shows how Cursor, Windsurf, and Visual Studio Code approach text-to-website generation differently once ...

North Korean-linked hackers have targeted more than 3,100 IP addresses tied to AI, crypto, and finance firms through fake job interviews. The campaign used frau ...

North Korean hackers hit 3,136 IPs using fake job interviews to deploy malware via coding tests on LinkedIn, targeting crypto and AI firms.

A recursive vibe journalism experiment in which Microsoft 365 Copilot's 'Prompt Coach' agent is used to wholly create an ...

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...

Just yesterday, we noted the growing threat of ransomware. Now, Jamf Threat Labs is warning that North Korean threat actors ...

As part of the infamous Contagious Interview campaign, North Korean threat actors were seen abusing legitimate Microsoft Visual Studio Code in their attacks.