Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

RenderATL 2026 to Host OpenJS Summit: Spotlighting the Future of JavaScript

RenderATL, the leading tech conference merging innovation, culture, and code, today announced a first-of-its-kind collaboration with the OpenJS Foundation to host a dedicated OpenJS Summit at ...
The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
TMCnet

Anura Stops AI-Assisted SIVT Threat That Bypasses JavaScript-Based Fraud Detection Solutions

About Anura Anura.io is a trusted leader in ad fraud prevention, known for delivering high-accuracy, low-false-positive ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

Steam Game Devs Call Exploit Allegations ‘Clickbait Exaggeration’ And ‘Malicious Defamation’

As of this writing, the game is currently sitting at a “Very Positive” review score on Steam, having amassed roughly 1,876 reviews and, according to VG Insights, over 113,000 individual purchases.

Y Combinator CEO Garry Tan is 'addicted' to this AI tool, says: 'I didn't sleep till…'

Y Combinator's Garry Tan is reportedly 'addicted' to Anthropic's Claude Code, an AI tool that writes, fixes, and explains ...

Hackers are using LLMs to build the next generation of phishing attacks

What if a phishing page was generated on the spot?

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...

These were the hottest housing markets in New York City's outer boroughs in Q4

One local ZIP code emerged as the hottest housing market in Q4, with homes selling faster and prices showing stronger ...

Employers are changing their approach to pay raises — and who gets them

The labor market has cooled significantly since the post-pandemic hiring boom, and that's changing how employers approach ...