From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.