How to easily encrypt your files on an Android phone - for free

How to easily encrypt your files on an Android phone - for free ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
Forbes

FBI Warns iPhone And Android Users—End-To-End Encryption Won’t Protect You

Forbes contributors publish independent expert analyses and insights. Zak Doffman writes about cybersecurity, surveillance and privacy. This voice experience is generated by AI. Learn more. This voice ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...

Minister faces calls from MPs to amend lawful access bill to prevent compromising encryption

Public Safety Minister Gary Anandasangaree faced calls from opposition MPs Tuesday to amend the federal government’s lawful ...
InfoWorld

The best JavaScript certifications for getting hired

Earn these JavaScript certs to demonstrate mastery of the most in-demand skills for the world’s most-used programming language.
CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

Lawful-access bill could threaten encryption, deter investment, Chamber of Commerce warns

Bill would require telecoms, internet companies to change systems to give surveillance, monitoring capabilities to ...