The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Infosecurity Magazine

Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core

A critical sandbox escape vulnerability in Grist-Core has been disclosed that allows remote code execution (RCE) through a ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
CSO Online

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...

Anura Stops AI-Assisted SIVT Threat That Bypasses JavaScript-Based Fraud Detection Solutions

Anura.io is a trusted leader in ad fraud prevention, known for delivering high-accuracy, low-false-positive detection of invalid traffic. By focusing on innovation and technology, Anura helps ...

Trump tells Iran ‘next attack will be far worse’ amid concerns over possible U.S. strike

Saudi Arabia and the United Arab Emirates, have signalled they won’t allow their airspace to be used for any attack ...

Jamf has a warning for macOS vibe coders

Just yesterday, we noted the growing threat of ransomware. Now, Jamf Threat Labs is warning that North Korean threat actors ...
The Caledonian-Record

Specificity Announces Partnership with A2SPA to Secure Agentic AI Execution in AdTech

SARASOTA, FLORIDA / / January 27, 2026 / Specificity (OTCID:SPTY), a leading digital marketing agency specializing in hybrid ...
SecurityWeek

North Korean Hackers Target macOS Developers via Malicious VS Code Projects

North Korean hackers target macOS developers with malware hidden in Visual Studio Code task configuration files.
The Indiana Lawyer

Firing squad, gas execution methods move out of Indiana House committee

Firing squad and nitrogen hypoxia would be allowed alongside lethal injection to carry out Indiana’s death penalty under a ...