CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
The Hacker News

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
IEEE

Enhanced Layered Quasi-Cyclic Low-Density Parity-Check Codes for the McEliece Cryptosystem in Satellite Communications System

Abstract: Given the rapid advancement of quantum computing technology, the McEliece cryptosystem, rooted in coding theory, stands out as one of the few cryptographic systems resilient against quantum ...

You Might Have Fallen For This CAPTCHA Scam Without Realizing — Here's What To Do Now

Security experts reveal how easy it is to get fooled by this scam and what to do if you think you've been targeted.
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...