The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
CSO Online

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
The Register-Herald

Bookmobile summer schedule released

OAK HILL — Fayette County Public Library is poised for another summer of having its bookmobile available for the public.
The Register-Herald

Raleigh County field day has 'No Limits'

As the rest of the world tries to dictate what students with special needs can or cannot do, one Raleigh County organization ...
ADTmag

Salesforce Opens Beta for React-Based App Development on Its Platform

Salesforce is opening its platform to React developers. The Multi-Framework beta lets developers build native Salesforce apps with React while using Salesforce authentication, security, governance, ...
ABC57

St. Joseph County Assessor holds Town Hall ahead of 2026 Property Assessments

St. Joseph County Assessor Michael Castellon says transparency and education have been central to his tenure, and he is taking that effort directly to residents through a ...
heise online

Cross-platform development: React Native 0.85 gets new animation backend

Meta has released React Native 0.85. Developers can use a new animation backend and get new features in the DevTools. Node.js versions that have reached their end-of-life date, as well as Node.js ...
VentureBeat

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
Hosted on MSN

'Exploitation is imminent' as 39 percent of cloud environs have max-severity React hole

A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on ...