The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
The New York Times

This Gigantic Pull-Up Bar Is a Beast to Store. But It’s the Best of Its Kind.

We independently review everything we recommend. When you buy through our links, we may earn a commission. Learn more› By Harry Sawyers Harry Sawyers is an editor who has covered home improvement, ...
Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...
PCGamesN

Pull a Sword codes April 2026

April 19, 2026: We added one new [EVENT] Pull a Sword code spotted at the bottom of the game description. It's good for a free pet. How long has that been there? What are the new Pull a Sword codes?