CSO Online

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

Maryland Gov. Wes Moore says Sphere venue is key to state's economic diversification

Maryland Gov. Wes Moore says the proposed Sphere venue in Prince George's County is part of a larger push to diversify the ...
InfoWorld

jQuery 4.0.0 JavaScript library features trusted types

The first major update in nearly 10 years, jQuery 4.0.0 follows a long development cycle and several pre-releases.
The Escapist

Animal Crossing New Horizons Switch 2 update and version 3.0 release: Everything new and when you can play

Animal Crossing: New Horizon fans, rejoice! The original Nintendo Switch’s second-best-selling game is getting new content in 2026, almost six years after its original launch – and a Switch 2 port, ...