Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
The Hacker News

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

Huntress finds three GootLoader infections since Oct 27, 2025; two led to domain controller compromise within 17 hours.

ClickFix malware attacks evolve with multi-OS support, video tutorials

ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure ...
The Hacker News

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...

Indian Government Warns Google Chrome Users Of Severe Security Flaws: Here’s How To Stay Safe

Google Chrome users on desktop platforms such as Windows, macOS, and Linux are urged to update their browsers due to a ...
InfoWorld

How GlassWorm wormed its way back into developers’ code — and what it says about open source security

Weeks after being declared eradicated, GlassWorm is again infesting open source extensions using the same invisible Unicode ...
InfoWorld

Agentic coding with Google Jules

Jules performs better than Gemini CLI despite using the same model, and more like Claude Code and OpenAI Codex.
India Today on MSN

Google Chrome users in India at risk, Govt urges immediate update to prevent attacks

CERT-In has issued a high-severity warning for users of Google Chrome across Windows, macOS, and Linux, citing multiple ...
Make Tech Easier

Ethical Hacking Tool RedTiger Abused to Steal Browser and Discord Data – How to Stay Safe

Hackers have turned the RedTiger toolkit into a data-stealing weapon. This post breaks down the threat and the steps to keep your PC safe.
Morning Overview on MSN

Windows 11 finally gets a real em dash shortcut

In a move that brings it closer to the user-friendly features of macOS, Microsoft is finally introducing a dedicated shortcut ...
Global Investigative Journalism Network

How Non-Coding Journalists Can Build Web Scrapers With AI — Examples and Prompts Included

It helps journalists verify hypotheses, reveal hidden insights, follow the money, scale investigations, and add credibility ...

Infostealer for Windows, macOS and Linux found in ten packages on npm

The npm packages were available since July, have elaborately obfuscated malicious routines, and rely on a fake CAPTCHA to ...