Automation tool n8n: Updates patch code injection flaws

In the automation tool n8n, eleven security vulnerabilities have been discovered. Three of these are considered critical ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
CSO Online

VMware fixes command injection flaw in Aria Operations

Two other flaws were patched by the virtualization vendor, impacting Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure as well.
The Hacker News

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

RoguePilot flaw let GitHub Copilot leak GITHUB_TOKEN, while new studies expose LLM side channels, ShadowLogic backdoors, and promptware risks.

When Do You Need to Call a Tree Doctor?

You probably aren’t watering or pruning the 75-foot oak or maple in the front yard, but mature trees aren’t maintenance free.
CSO Online

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...
WTHI News10

New records show additional Indiana dollars paid for last round of execution drugs

New records from the governor’s office show Indiana paid $100,000 for execution drugs used in October — bringing the total ...

Nokod Security Sets New Standard for Citizen Development Governance and Security with Platform Expansion into Retool

New integration delivers visibility and governance for Retool apps, workflows, and AI agentsNEW YORK and TEL AVIV, Israel, Feb. 25, 2026 (GLOBE NEWSWIRE) -- Nokod Security, the leading security ...

OPINION: Henry Waxman: Congressional Chameleon

The following is an excerpt from the forthcoming book, “Stuck: How Money, Media, and Violence Prevent Change in ...

BeyondTrust Remote Support exploitation ramps up with backdoors, remote tools

A critical vulnerability in BeyondTrust Remote Support is facing an increase in threat activity, with hackers deploying ...