The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
Cryptopolitan on MSN

Cloudflare shares surges by double digits in premarket trading after its AI agent, Clawdbot, raised investor expectations

Cloudflare shares have surged by double digits in premarket trading after its AI agent, Clawdbot, raised investor ...
ET CIO

7 Best AI Code Review Tools for DevOps Teams in 2026

Discover the leading AI code review tools reshaping DevOps practices in 2026, enhancing code quality, security, and team productivity with automated solutions.

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...
InfoWorld

OpenSilver 3.3 runs Blazor components inside XAML apps

New version of the open-source replacement for Microsoft Silverlight also brings support for .NET 10 and C# 14.