The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, ...
The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
WinBuzzer

ChatGPT’s Code Execution Containers Gain Bash Support and Multi-Language Code

ChatGPT has quietly gained bash support and multi-language capabilities, enabling users to run commands and install packages in containers without official announcements.

Veracode Releases Platform Enhancements as Software Supply Chain Attacks Surge

Veracode announced key platform innovations introduced through the second half of 2025, providing preventive control for software supply chains.
Williamsport Sun-Gazette

Local roundup: Gusick, Jones lift Loyalsock boys past Hughesville

Brecken Gusick scored a game-high 17 points and Saoj Jones was right behind with 16 as Loyalsock defeated Hughesville, 61-48. The Lancers (12-6) pulled away from Hughesville in the second half and ...