Bleeping Computer

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...
GitHub

Node.js module to fix mojibake when converting Latin-1 encoded text to UTF-8

When converting Latin-1 (or Windows-1252) encoded text to UTF-8, some characters may be incorrectly converted (mojibake). This module fixes those errors. Please refer to the JSDoc comments in the ...
The Hacker News

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar ...
Milwaukee Journal Sentinel

FBI, local agencies assist after item prompts Kohler Target evacuation

A suspicious item found in a cart corral prompted an evacuation at a Target in Kohler. The Milwaukee Explosive Ordnance Disposal Unit safely removed the item from the scene. Multiple agencies, ...
The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, ...