Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-07 03:00 PDT
- PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
The Hacker News • 2026-05-07 02:20 • thehackernews.com
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems.
“While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files,” Kaspersky
https://thehackernews.com/2026/05/pypi-packages-deliver-zichatbot-malware.html - vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
The Hacker News • 2026-05-06 21:15 • thehackernews.com
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems.
vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host
https://thehackernews.com/2026/05/vm2-nodejs-library-vulnerabilities.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
