WinRAR path traversal flaw still exploited by numerous hackers

Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity ...

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
IEEE

Good News for Script Kiddies? Evaluating Large Language Models for Automated Exploit Generation

Abstract: Large Language Models (LLMs) have demonstrated remarkable capabilities in code-related tasks, raising concerns about their potential for automated exploit generation (AEG). This paper ...
GitHub

patangation/roblox-script-exporter

A powerful Lua script that exports all scripts from Roblox place files (.rbxl) into organized directory structures, making it easy to version control, review, and manage your Roblox game code.
Security Boulevard

Top CVEs of December 2025

December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the “React2Shell” ...
GitHub

AWP Executor Precision Script Injector with Stealth Anti-Ban

When precision matters, AWP Executor hits the mark. This Roblox script injector is designed for fast LUA execution, seamless stability, and a protective anti-ban cloak. Whether you’re firing up ...