Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.
The Hacker News

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

APT28 exploited CVE-2026-21513, an MSHTML zero-day (CVSS 8.8), using malicious LNK files to bypass security controls and execute code.
GitHub

sawyer-shi/dify-plugins-tencent_cos

A powerful Dify plugin providing seamless integration with Tencent Cloud Object Storage (COS). Enables direct file uploads to Tencent Cloud COS and efficient file retrieval using URLs, with rich ...