Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

AI drives surge in ‘bug bounty’ reports, but the ‘slop’ is rising too

Artificial intelligence tools have driven a massive spike in crypto bug bounty submissions, though a large portion of them are false positives.
InfoQ

npmx Reaches Alpha: Community Driven Alternative Browser for the npm Registry

Daniel Roe and over 250 contributors. It emphasizes speed and features absent in the official npmjs.com interface, such as ...
The Hacker News

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI

Mozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI ...
The Hacker News

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.
Bleeping Computer

Claude Code source code accidentally leaked in NPM package

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. While Anthropic pledges support to the ...

Mozilla uses Anthropic's Mythos to uncover 271 bugs in Firefox 150

The result, in the view of Firefox CTO Bobby Holley, marks a decisive shift in the long-running asymmetry between attackers ...
The Next Web

Mozilla patched 271 Firefox bugs found by Anthropic’s Mythos, and says the zero-day era has an expiration date

Firefox 150 ships 271 bug fixes found by Claude Mythos Preview. Mozilla says the defects are finite. The UK AI Security Institute says the model can also attack autonomously.