New ClickFix attacks abuse Windows App-V scripts to push malware

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V ...

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
GitHub

This project is a detailed enumeration and vulnerability assessment of the intentionally vulnerable website zero.webappsecurity.com, performed using Nmap and a suite of Nmap ...

Strong security headers are implemented, including Content Security Policy (CSP) and X-Frame-Options, which helps protect against certain web attacks like clickjacking and cross-site scripting (XSS).