InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

Latenode Launches Managed AI Automation Approach for Business Teams

Latenode, an AI workflow automation platform, today announced the launch of its managed AI automation approach for business teams that want workflows built, launched, and supported without handling ...
InfoWorld

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Analytics Insight

Top Web Development Books Every Developer Should Read in 2026

Overview:  AI coding tools are transforming software development, but strong programming fundamentals and system design ...

US says it has targeted Iranian military facilities after responding to attacks on navy ships

The US says it targeted Iranian "missile and drone launch sites; command and control locations; and intelligence, ...

Anthropic’s Bun Rust rewrite merged at speed of AI

A pull request with a Rust version of Anthropic’s Bun, a JavaScript toolkit and runtime originally written in Zig, has been ...

Asentum Unveils Post-Quantum Blockchain Testnet, Introducing a New Foundation for Secure and Accessible On-Chain Systems

Asentum is a new blockchain architecture that rethinks the assumptions underlying current networks. Rather than retrofitting legacy systems, Asentum is designed from genesis to address three emerging ...

AI Porting: Claude Rewrites Bun Codebase in Rust

The JavaScript and TypeScript server and bundler Bun will consist of Rust code in the future. Within weeks, Claude Code ...