The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
The Hacker News

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Researchers disclosed two n8n vulnerabilities that let authenticated users bypass JavaScript and Python sandboxes to run ...
Infosecurity Magazine

Critical and High Severity n8n Sandbox Flaws Allow RCE

Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers ...

Greenberg appoints Donald Robinson Jr. to lead Louisville codes department

The former deputy director is returning to Metro Government to lead the department at the center of Louisville’s development ...

State takes control of battery storage permits as towns grapple with controversial projects

Massachusetts aims to procure 5,000 megawatts of battery energy storage by 2030, with major projects proposed in Everett, ...
CSO Online

AI-powered polymorphic attack lures victims to phishing webpages

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, ...

RenderATL 2026 to Host OpenJS Summit: Spotlighting the Future of JavaScript

Additional details for RenderATL 2026 and the OpenJS Summit, including programming themes and speaker participation, will be announced in the coming months. For more information about RenderATL, ...
InfoWorld

OpenSilver 3.3 runs Blazor components inside XAML apps

New version of the open-source replacement for Microsoft Silverlight also brings support for .NET 10 and C# 14.

Supreme Court to decide how 1988 videotape privacy law applies to online video

The Supreme Court is taking up a case on whether Paramount violated the 1988 Video Privacy Protection Act (VPPA) by ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.