JavaScript Sandbox vm2: Critical Vulnerability Allows Escape

The JavaScript sandbox vm2 for Node.js was actually discontinued. Now an update closes a critical security vulnerability.
CSO Online

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...

Pages, Keynote, Numbers get iOS 26 updates, here’s everything new

Pages, Keynote, and Numbers have been updated for iOS 26 with a Liquid Glass design and new features, including for Apple ...
GameSpot

New PS5 Update Is Out Now, Does What You Expect And More

It's that time of the month again, as PS5 console owners can boot up their machine and download a fresh firmware update for ...

First PlayStation 5 system update of 2026 adds read receipts and more

Hmm, upgrades.

Apple patches ancient iOS versions to keep iMessage, FaceTime, other services working

When Apple stops supporting older iPhones and iPads with the latest version of iOS or iPadOS, it usually isn’t the end of the line—Apple keeps releasing new security-only patches for those devices for ...

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

UMass Lowell proposes hotel and second ice rink to boost entertainment district

UMass Lowell's chancellor wants to create the city's version of Kendall Square, says a new hotel and ice rink are part of ...