The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...

Moderne Expands Agent Tools Platform with C# Support for Deterministic .NET Transformation

Moderne, the Agent Tools company for AI-driven software engineering, today announced C# language support across its platform, extending deterministic, large-scale code transformation to .NET codebases ...

The Mystery Behind Mythos - Explained On Timesnownews.com

Mythos’s ability to autonomously exploit flaws challenges the notion of ‘secure by default’.
InfoWorld

Building AI apps and agents with Microsoft Foundry

Microsoft’s Azure-based AI development and deployment platform shines with a strong selection of models and agent types and ...
Cryptopolitan on MSN

Malicious SAP npm packages target crypto wallet data

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom ...
SecurityWeek

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...

Tickblaze Launches WebTrader, a Browser-Based Trading Platform Powered by TradingView, Expanding Global Access to Institutional-Grade Trading Infrastructure

Tickblaze, a trading technology provider serving proprietary trading firms, brokerages, and professional traders, today announced the launch of Tickblaze WebTrader, a fully browser-based trading ...

Kaltura Open-Sources Suite of AI Agent Skills, Enabling Any AI Agent to Build Intelligent Rich-Media Digital Experiences

(Nasdaq: KLTR), the Agentic Digital Experience company, today announced the open-source release of a suite of AI agent skills ...

Node.js 25: Escapes from JavaScript sandbox vm2 conceivable

The vm2 sandbox component of the open-source JavaScript runtime environment Node.js is vulnerable with certain settings.