Node.js Releases 8 CVEs in 6 Days: Security Crisis?
Node.js released emergency security patches on Tuesday, January 13, 2026, addressing 8 CVEs—3 HIGH severity, 4 MEDIUM, 1 LOW—affecting ALL supported versions: 20.x, ...
OpenCode CVSS 10.0 RCE: AI Coding Tool’s Security Failure
OpenCode shipped with a CVSS 10.0 RCE vulnerability allowing any website to execute code on ...
OpenAI Admits Prompt Injection Attacks Are Unsolvable
On December 22, 2025, OpenAI publicly admitted that prompt injection attacks against AI-powered browsers and ...
Prompt Poaching: Chrome Extensions Steal AI Chats from 900K Users
Over 900,000 Chrome users just had their ChatGPT and DeepSeek conversations stolen. Not by hackers ...
Instagram API Breach Exposes 17.5M Users via Scraping Attack
A hacker published data from 17.5 million Instagram users on the dark web last week, ...
React2Shell: 85,000 Next.js Apps Still Exposed to CVSS 10.0 Flaw
A critical vulnerability in React Server Components is being actively exploited by state-sponsored actors and criminal botnets right now. More than 84,000 production ...
Flock Safety Hardcoded 53 Passwords in Police Cameras
Security researcher Ben Jordan discovered this week that Flock Safety—whose 90,000 surveillance cameras track 20 ...
Vietnam Bans Rooted Phones From Banking – Why This Fails
Vietnam's rooted phone banking ban takes effect March 2026. Why this security theater will fail ...
IBM Bob AI Agent Tricked into Running Malware via Prompt Injection
IBM’s AI Coding Agent Tricked into Running Malware IBM’s AI coding agent “Bob” can be ...
Tailscale Disables TPM Encryption: Security-by-Default Fails
Tailscale disabled TPM state file encryption by default Jan 7, 2026 after firmware updates broke ...
