The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
InfoWorld

A better way to work with SQL Server

It’s time to switch to a new development tool for SQL Server and Azure SQL. Here’s how to get started with the MSSQL ...

Microsoft Exchange 0-Day Exploit Sparks Emergency Warning — Hackers Are Attacking Unpatched Servers

Microsoft Exchange Servers are under threat from a zero-day vulnerability, exploited via crafted emails. With no official ...

MongoDB announces platform enhancements for enterprise-ready AI production

The company announced the availability of MongoDB 8.3, building on previous generations of the database software with ...

Moderne Expands Agent Tools Platform with C# Support for Deterministic .NET Transformation

Moderne, the Agent Tools company for AI-driven software engineering, today announced C# language support across its platform, extending deterministic, large-scale code transformation to .NET codebases ...

AI agent successfully moves Adobe Lightroom to Linux

Claude Code has made the digital photo tool Adobe Lightroom functional on Linux. The project began with a very simple prompt.

'ClickFix' attack tricks users into hacking themselves, ACSC warns

ClickFix relies on tricking users into essentially hacking themselves by running commands that compromise their computers. In ...

Firefox maker torches Google for building Prompt API into browser

The Prompt API, as Google describes it, "gives web pages the ability to directly prompt a browser-provided language model." ...
Dark Reading

Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...
XDA Developers on MSN

VS Code's task runner saves me hours every week, but almost nobody knows it exists

Everyone should be using this feature.