The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
Variety

Meet Shane Hollander’s Mom: ‘Heated Rivalry’ Star Christina Chang on Parenting Queer Children and Thinking the Scripts Were ‘Soft Core Porn’ at First

SPOILER ALERT: This article contains details about Episode 6 of “Heated Rivalry,” now streaming on HBO Max. In what proved to be one of the most powerful scenes of the six-episode queer romance sports ...