GitHub

FortiWeb Remote Code Execution (RCE) Exploit via CVE-2025-64446 + CVE-2025-58034 Chain

An authenticated attacker (using the account created in step 1) can execute arbitrary OS commands as root via crafted HTTP requests. By combining these two vulnerabilities, an attacker can go from ...
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...
The New York Times

Kennedy Plan to Test a Vaccine in West African Babies Is Blocked

A planned U.S.-funded study of a hepatitis B vaccine drew widespread condemnation from researchers. Now the host country says it cannot proceed. By Stephanie Nolen and Christina Jewett The West ...