The Hacker News

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA adds 8 exploited vulnerabilities to KEV, sets April 23 and May 4, 2026 deadlines, driving urgent federal patching.

Nginx 1.30 changes default proxy behavior

ECH encrypts the TLS handshake, backends speak HTTP/2, and Multipath TCP uses multiple network paths in parallel.
The Hacker News

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

Stay ahead of the logs with our Monday Recap. We break down active Adobe 0-days, North Korean crypto stings, and critical CVEs you need to patch today ...
IEEE

SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript

Abstract: NPM is the largest software ecosystem in the world, offering millions of free, reusable packages. In recent years, various security threats to packages published on npm have been reported, ...
GitHub

Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes

This software provides a collection of routines that can be used to build client modules for OAuth 2.1, OAuth 2.0 with the latest Security Best Current Practices (BCP), and FAPI 2.0, as well as OpenID ...