The Wire
Curated cybersecurity and tech news — AI-summarized, source attributed.
Twelve critical vm2 sandbox escapes expose Node.js hosts to RCE
Researchers disclosed twelve critical vulnerabilities in vm2, the popular Node.js library used to run untrusted JavaScript inside a proxied sandbox. Every flaw
Two Decades of Cyber: 20 Inflection Points From Stuxnet to ChatGPT
Dark Reading frames the modern cybersecurity era through 20 pivotal events, anchored at one end by Stuxnet's 2010 demonstration that code could physically destr
Valve drops Steam Controller CAD files under CC non-commercial license
Valve has published CAD files for its newly shipping Steam Controller and Puck, including .STP and .STL exports of the external shell plus engineering diagrams
vm2 sandbox escape via WebAssembly exception handling enables host RCE
CVE-2026-26956 lets attackers break out of vm2, a Node.js sandbox library pulling 1.3M weekly npm downloads, and execute arbitrary code on the host. The flaw hi
Willison: The line between vibe coding and agentic engineering is blurring
Simon Willison reflects on a shift in his own AI-assisted coding practice. He previously drew a sharp line between 'vibe coding' — accepting AI output without r
Windows Phone Link Abused to Siphon SMS and Defeat 2FA
Attackers are weaponizing Microsoft's Phone Link feature, the built-in Windows utility that pairs a PC with a mobile device for messaging and notifications, to
xlabs_v1 botnet hijacks ADB-exposed Android TVs and IoT for DDoS-for-hire
A new Mirai variant calling itself xlabs_v1 is enlisting Android-based devices into a DDoS-for-hire network by exploiting Android Debug Bridge services left exp
AI-run Stockholm cafe wastes supplier and police time, raising experiment ethics
Andon Labs has expanded its AI-managed business experiment from a San Francisco retail store to a cafe in Stockholm, where an AI named Mona handles inventory an
Apache HTTP/2 Double-Free in mod_http2 Opens Path to DoS and RCE
Apache HTTP Server 2.4.66 ships with a double-free vulnerability in mod_http2's stream cleanup logic, tracked as CVE-2026-23918 with a CVSS of 8.8 and patched i
Cargo Theft Goes Hybrid as Crews Pair Logistics Hacks With Truck Hijacks
Cargo theft is no longer a purely physical crime. Threat actors are now compromising freight broker accounts, load boards, and transportation management systems
China-Nexus UAT-8302 Hits Govt Targets With Shared APT Toolkit
Cisco Talos has attributed a campaign against South American and southeastern European government entities to UAT-8302, a China-nexus APT operating since at lea
Cloudflare and Stripe ship protocol letting agents create accounts and buy domains
Cloudflare and Stripe have launched a protocol that lets coding agents handle the full deployment lifecycle without human-in-the-loop friction beyond initial co