The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Bun posts Rust porting guide, says rewrite is still half-baked

Bun creator Jarred Sumner has posted a Zig-to-Rust porting guide, igniting speculation that the project may migrate away from ...
Cryptopolitan on MSN

Malicious SAP npm packages target crypto wallet data

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 according to new research

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...
TechrightsOpinion

The NHS is Under Attack by Anthropic and Microsoft (or Their Lemmings That Infect the NHS)

Anthropic weaponises shills and media operatives to spread claims about bugs, to mindlessly sell fear. Then, it tries to sell ...
InfoWorld

Building AI apps and agents with Microsoft Foundry

Microsoft’s Azure-based AI development and deployment platform shines with a strong selection of models and agent types and ...
CIO

19 vibe coding tools for democratizing app development

Vibe coding is legit enough that enterprises need to start experimenting. Finding the right tool for your users and use cases is the first step.

The most talked-about looks at this year's Met Gala

Celebrities arrived to the 2026 Met Gala with their take on this year's theme - Costume Art - where organisers asked ...
Infosecurity Magazine

Cline Kanban Flaw Lets Websites Hijack AI Coding Agents

Cline is one of the most widely adopted open-source AI coding assistants, and its Kanban feature provides a web-based project ...