The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
CSO Online

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
IEEE

Local and High-Order Consistency Coding and Adaptation for Cross-Hypergraph Node Classification

Abstract: Node classification is a fundamental task in hypergraph learning. Existing methods generally assume that there are a few labeled nodes given in advance. However, in a newly formed hypergraph ...
Analytics Insight

Top 10 JavaScript Books for Beginners in 2026

Want to master JavaScript in 2026? These beginner-friendly books make learning simple and effective. From fundamentals to advanced concepts, build strong coding skills with expert-recommended reads.
IEEE

Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences

Abstract: Prototype pollution is a type of recently-discovered, impactful vulnerability that affects JavaScript code. One important yet challenging research problem of prototype pollution is how to ...
Business Insider

Google developers find that with AI, judgment is more important than JavaScript

AI-driven coding is reshaping tech jobs, shifting developers to design and management roles. Engineers are managing multiple AI agents, which boosts productivity but could risk burnout. Google is ...
Bleeping Computer

Fake Next.js job interview tests backdoor developer's devices

A coordinated campaign targeting software developers with job-themed lures is using malicious repositories posing as legitimate Next.js projects and technical assessment materials, including ...
GitHub

Segmentation fault on macOS 26 (Tahoe) - ARM64

uWebSockets.js crashes with a segmentation fault (SIGSEGV) on macOS 26.1 (Tahoe) with Apple Silicon. The same code runs without issues on macOS 15 (Sequoia). Exception Type: EXC_BAD_ACCESS (SIGSEGV) ...
Fast Company

Exclusive: How Duolingo vibe coded its way to a hit chess game

Duolingo has been through a lot of changes over the past few years. What was once solely a language-learning app has grown into a social media marketing machine, a destination for math and music ...
cryptonews

Hackers Exploit Ethereum to Inject Malware in Popular Coding Libraries

Hackers exploit Ethereum smart contracts to inject malware into popular NPM coding libraries including "colortoolsv2" and "mimelib2" packages that conceal malicious commands. Hackers are now ...