The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
CSO Online

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

The 10-gate AI search pipeline: Find where your content fails

AI search is a multiplicative system where one weak signal limits results. Diagnose bottlenecks, prioritize fixes, and ...
Security Boulevard

AI Vulnerability Chaining – Why Your Security Stack Cannot Detect What Comes Next

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate vulnerabilities in isolation. That assumption is now broken.
New York Post

Iran’s youth form human chains around power plants after Trump warns of ‘complete demolition’

Iran called on its youth Tuesday to form human chains around its power plants — after President Trump threatened to decimate the Islamic Republic’s energy infrastructure if Tehran fails to reopen the ...
The Hill

Iran calls for human chains around power plants ahead of Trump deadline

Iranian officials on Tuesday urged their people to form human chains around power plants as the country faces a deadline set by President Trump to reopen the Strait of Hormuz or risk major strikes on ...
Developer Tech

Axios npm attack causes JavaScript supply chain chaos

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads. The North Korean state actor Sapphire Sleet compromised the ...
Bleeping Computer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...
Krebs on Security

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected ...
IEEE

SCOPE-MoE: Supply Chain Forecasting with a Pretrained MoE-Based Large Time Series Model in E-Commerce

Abstract: Rapid expansion of E-commerce intensified demands for accurate and scalable Supply Chain Management (SCM). The core of the SCM is demand and logistics flows forecasting. However, traditional ...
blockchain

List of AI News about ModelScope

According to @godofprompt, builders can now deploy multimodal AI agents at lower infrastructure cost by combining smaller Qwen 3.5 family models with smarter system architecture, maintaining equal or ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...