The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...
Finbold

Bybit Security exposes macOS malware campaign targeting users searching for Claude Code

Bybit has disclosed details of a multi-stage macOS malware campaign targeting users searching for “Claude Code”.
Infosecurity Magazine

Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim ...

Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale

GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by ...

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
CPO Magazine

Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

Sonatype Releases Q1 2026 Open Source Malware Index: Trust Abuse Most Successful Attack Vector

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...
Computer Weekly

April Patch Tuesday brings zero-days in Defender, SharePoint Server

The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid ...

OpenAI flags third-party data issue — all macOS users should update now

OpenAI rotated certificates and updated its apps out of an abundance of caution.
Geopolitical Monitor

Distributed Risk: Open-Source Software as Strategic Infrastructure

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...