From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
WinBuzzer

Tank OS Gives OpenClaw Safer Enterprise Deployment Path

Tank OS packages OpenClaw into a Fedora bootc image with rootless Podman secrets, aiming to give enterprise teams a safer ...

CISA orders feds to patch Windows flaw exploited as zero-day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems ...

Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch

Microsoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for ...

New ransomware is so badly coded it destroys your files instead of holding them hostage

Check Point researchers have uncovered a new ransomware-as-a-service threat with significant design flaws. Vect 2.0 is unable ...

New ransomware wipes every file larger than 128 KB

VECT 2.0 was built to lock your files and demand a ransom. A rookie coding mistake means it's just destroying them instead.