A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Microsoft warned Exchange Server customers about critical OWA vulnerability CVE-2026-42897 affecting on-premises deployments.

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...

Learn how a single JavaScript Date() timezone mistake silently corrupts web apps and how to fix timestamp bugs in JS, Python, ...

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

If this project helps your Cocos workflow, please consider giving it a Star. It helps more developers discover the project and supports ongoing development. Funplay MCP for Cocos is an MIT-licensed ...

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...

Iran is set to execute its first female protester tied to the January 2026 uprising in Tehran, according to multiple human rights organizations. Bita Hemmati was named in a collective death sentencing ...

Iran’s barbaric regime is set to execute its first female protester over recent protests, one of an estimated 1,600 sentenced to death by the Islamic Republic in the past year. Bita Hemmati is the ...