Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

UMass Lowell proposes hotel and second ice rink to boost entertainment district

UMass Lowell's chancellor wants to create the city's version of Kendall Square, says a new hotel and ice rink are part of ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
Tech Times

6 Popular Programming Languages in 2026: Uses, Strengths, and Career Opportunities

Explore a programming languages list with top coding languages explained, their uses, job prospects, and how to choose the ...

Yottaa Launches Industry-First MCP Server Purpose-Built for eCommerce Performance Intelligence

Yottaa, the leading cloud platform for accelerating and optimizing eCommerce experiences, today announced the launch of its Model Context Protocol (MCP) server--making Yottaa the first ...

Maryland Gov. Wes Moore says Sphere venue is key to state's economic diversification

Maryland Gov. Wes Moore says the proposed Sphere venue in Prince George's County is part of a larger push to diversify the ...

NotificationX WordPress WooCommerce Plugin Vulnerabilities Impact 40k Sites

An advisory was issued for a WordPress plugin vulnerability that can enable unauthenticated attackers to inject malicious ...
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
InfoWorld

jQuery 4.0.0 JavaScript library features trusted types

The first major update in nearly 10 years, jQuery 4.0.0 follows a long development cycle and several pre-releases.

Google and Mozilla Patch 26 Security Flaws in Chrome 144, Firefox 147

Google Chrome 144 and Firefox 147 patch 26 security flaws, including high-severity bugs and sandbox escapes. Here’s what’s ...