The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
IEEE

A Web-Based Smart Outfit Recommendation System Using Node.js, Express.js and MySQL for Dynamic Fashion Recommendations

Abstract: This research study proposes a Smart Outfit Recommendation System designed to give users personalized fashion suggestions based on their body shape, gender, skin tone, and the occasion.
MLB

Everything you need to know about the new ABS Challenge System

At long last, player protest with ball or strike calls can be handled with something other than ineffectual arguing. Beginning with the 2026 MLB season, players will have the power to appeal the ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials.
CSOonline

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...
Bleeping Computer

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...
The Hacker News

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
InfoWorld

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert. Developers using the React 19 library for building application interfaces are ...
usace.army.mil

Army launches new training management system

NEWPORT NEWS, Va. — The U.S. Army has taken a significant step to modernize how it manages Soldiers’ training data. On Nov. 15, ATIS Training — a streamlined, intuitive platform for managing ...
Developer Tech

React Native Godot library merges 3D graphics with business apps

A new library, React Native Godot, enables developers to embed the open-source Godot Engine for 3D graphics within a React Native application. Enterprise development teams often have to balance the ...