The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

RenderATL 2026 to Host OpenJS Summit: Spotlighting the Future of JavaScript

Additional details for RenderATL 2026 and the OpenJS Summit, including programming themes and speaker participation, will be announced in the coming months. For more information about RenderATL, ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

Jamf has a warning for macOS vibe coders

Just yesterday, we noted the growing threat of ransomware. Now, Jamf Threat Labs is warning that North Korean threat actors ...

Greenberg appoints Donald Robinson Jr. to lead Louisville codes department

The former deputy director is returning to Metro Government to lead the department at the center of Louisville’s development ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
ET CIO

7 Best AI Code Review Tools for DevOps Teams in 2026

Discover the leading AI code review tools reshaping DevOps practices in 2026, enhancing code quality, security, and team productivity with automated solutions.

Anura Stops AI-Assisted SIVT Threat That Bypasses JavaScript-Based Fraud Detection Solutions

Anura.io is a trusted leader in ad fraud prevention, known for delivering high-accuracy, low-false-positive detection of invalid traffic. By focusing on innovation and technology, Anura helps ...
Dark Reading

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...
ZME Science

AI Is Writing Nearly a Third of All Software Code in the US as the Technology Takes Over Silicon Valley

In the United States, the share of new code written with AI assistance has skyrocketed from a mere 5% in 2022 to a staggering ...

Hackers are using LLMs to build the next generation of phishing attacks

What if a phishing page was generated on the spot?

Microsoft Virtual Studio Code is being targeted by North Korean hackers

The contagious interview campaign continues.