New research challenges traditional views of how the brain makes decisions, suggesting that even its earliest regions play a more active and dynamic role than previously thought.
Get the latest international news and world events from around the world.
Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks
Google expands Android Binary Transparency after May 1, 2026 to verify app authenticity, reducing supply chain attack risks.
Critical vm2 sandbox bug lets attackers execute code on hosts
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system.
The security issue is tracked as CVE-2026–26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit code has been published.
In the security advisory, the maintainer says that the issue only impacts environments with Node.js 25 (confirmed on Node.js 25.6.1) that have enabled WebAssembly exception handling and JSTag support.
Hackers abuse Google ads for GoDaddy ManageWP login phishing
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy’s platform for managing fleets of WordPress websites.
The threat actor is using an adversary-in-the-middle (AitM) approach where the fake login page acts as a real-time proxy between the victim and the legitimate ManageWP service.
ManageWP is a centralized remote administration platform for WordPress websites, enabling users to manage multiple sites from a single panel instead of logging into separate dashboards. Common users include web developers, web agencies managing client sites, and enterprises.
New Cisco DoS flaw requires manual reboot to revive devices
The company advised customers at the time to contact its Technical Assistance Center (TAC) to have them brought back online, as this required manual intervention.
Last year, Cisco patched another DoS vulnerability (CVE-2025–20115) that allowed attackers to crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message.
DAEMON Tools devs confirm breach, release malware-free version
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version.
“Within less than 12 hours of identifying the issue, we were able to implement a solution. Based on our current findings, the issue was limited to the free DAEMON Tools Lite version and did not affect any of our other products,” Disc Soft told BleepingComputer.
“We have not identified evidence supporting claims that all DAEMON Tools users were impacted, and at this stage, we are not in a position to confirm any impact on paid versions customers. Our current analysis indicates that DAEMON Tools Pro and DAEMON Tools Ultra were not affected and absolutely safe.”