Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Online archives of over 20 years of tech reporting | The Register

Dive into The Register's online archive of incisive tech news reporting, features, and analysis dating back to 1998 ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

Daemon Tools, a widely used app for mounting disk images, has been backdoored in a monthlong compromise that has pushed ...
SecurityWeek

Trellix Source Code Repository Breached

Trellix says a part of its source code repository was recently breached, but shared little other information about the ...
Morning Overview on MSN

Malicious open-source packages surge 73% in 2026 as threat actors weaponize the software supply chain

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
CoinDesk

Crypto's massive exploit may force big banks to rethink their blockchain plans, Jefferies warns

A major decentralized finance (DeFi) hack could prompt Wall Street firms to reassess the pace of their blockchain and tokenization efforts, a Jefferies analyst wrote in a report. The note follows a ...
CoinDesk

The $292 million Kelp exploit: how it happened, and what it means for DeFi

A roughly $292 million exploit over the weekend has rattled the crypto industry, exposing vulnerabilities in decentralized finance (DeFi) infrastructure and raising concerns about knock-on effects ...
TheStreet.com

Major DeFi hack becomes the largest of 2026 yet

The cryptocurrency industry is facing a severe security crisis. In just under 20 days, digital asset platforms have lost more than $605 million to cyberattacks. The latest and most devastating ...
CoinTelegraph

Kelp exploit highlights problem with non-isolated DeFi lending: Crypto execs

The contagion from the Kelp exploit could have been contained, but at the cost of capital efficiency, according to the founder of Curve Finance. The exploit of the Kelp liquid restaking protocol shows ...