The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
The Hacker News

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote ...
InfoWorld

Why your next microservices should be streaming SQL-driven

Built-in functions, UDFs, materialized results, and integrations with ML and AI models make streaming SQL a compelling choice ...

OpenAI spills technical details about how its AI coding agent works

On Friday, OpenAI engineer Michael Bolin published a detailed technical breakdown of how the company’s Codex CLI coding agent ...

WhatsApp has quietly introduced a new 'LOCKDOWN' mode – here's how you can try it

WhatsApp has launched a new 'lockdown' mode, known as strict account settings, that protects users from sophisticated cyber ...
CIO

How Chainguard Helps CIOs Reduce Open Source Risk and CVE Overload

Keith: John, tell us a little bit about Chainguard and what you’re going to be showing us on DEMO today. John: Definitely.

Investors punish Big Tech AI spending that delivers slower growth

Investors responded to Big Tech earnings this week with a stark warning: they will forgive record spending that brings solid ...

Shutdown Threatens to Hit IRS as Trump Touts Massive Tax Refunds

Taxpayers could face long waits for IRS responses to questions on a slew of complicated new tax changes this filing season, ...

Cold war files uncover Ajax coach Stefan Kovacs’ role as secret agent

Kovacs led Ajax in 1971 after winning Romania's title with Steaua Bucharest in 1968. He won three Dutch league titles and two ...

Democrats demand major overhaul to ICE, as government shutdown risk skyrockets

Democrats in Congress are digging in against any funding deal with President Donald Trump this week that doesn’t include ...
WeLiveSecurity

Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan

ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation.

Montreal blue-collar workers disrupt session at city hall, plan strike day

A blue-collar workers' protest moved inside Montreal city hall Wednesday, forcing council to suspend its session as it ...