CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

/in

A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript.
The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, 2025.
Binary-parser is a

The Hacker News – ​Read More

LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords

/in

LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to trick users into giving up their master passwords.
The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults in the next 24 hours. The

The Hacker News – ​Read More

Businesses are deploying AI agents faster than safety protocols can keep up, Deloitte says

/in

Agentic AI has been sold as a quick way to boost productivity, but it also comes with significant risks. Deloitte’s latest report sounds yet another alarm.

Latest news – ​Read More

I’ve tried dozens of E Ink tablets, but this Android checks more of my boxes than any other

/in

The Boox Note Air5 C tablet has deeply customizable note-taking features, making it an ideal planner for lists and journaling.

Latest news – ​Read More

I compared a $250 multimeter with a $25 alternative, and the results changed my mind

/in

The Neoteck 3-in-1 pen multimeter is a great choice for DIYers and amateur tinkerers.

Latest news – ​Read More

Everest Ransomware Claims McDonalds India Breach Involving Customer Data

/in

The notorious Everest ransomware group is claiming to have breached McDonald’s India, the Indian subsidiary of the American…

Hackread – Cybersecurity News, Data Breaches, AI, and More – ​Read More

‘CrashFix’ Scam Crashes Browsers, Delivers Malware

/in

The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based RAT.

darkreading – ​Read More

UStrive security lapse exposed personal data of its users, including children

/in

The online mentoring site UStrive exposed email addresses, phone numbers, and other non-public information to other logged-in users. The nonprofit told TechCrunch that the issue is now fixed, but wouldn’t commit to alerting affected individuals.

Security News | TechCrunch – ​Read More

Trump administration admits DOGE may have misused Americans’ Social Security data

/in

The revelation comes as part of a series of corrections in a legal case over DOGE’s access to Social Security Administration data.

Security News | TechCrunch – ​Read More

EU Plans Phase Out of High Risk Telecom Suppliers, in Proposals Seen as Targeting China

/in

Under the new rules, measures for 5G cybersecurity would become mandatory.

The post EU Plans Phase Out of High Risk Telecom Suppliers, in Proposals Seen as Targeting China appeared first on SecurityWeek.

SecurityWeek – ​Read More