Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Cookbook author Natasha Pickowicz wants everyone to get in on hot pot

Natasha Pickowicz had her first hot pot before she could walk. “When I asked my mom what her first memory was of me being at the hot pot table, she was like, ‘Oh, we strapped you in when you were a ...

Steam Game Devs Call Exploit Allegations ‘Clickbait Exaggeration’ And ‘Malicious Defamation’

As of this writing, the game is currently sitting at a “Very Positive” review score on Steam, having amassed roughly 1,876 reviews and, according to VG Insights, over 113,000 individual purchases.

Hackers are using LLMs to build the next generation of phishing attacks - here's what to look out for

A victim would be phished to visit a seemingly benign webpage. It contains no visible malicious code, but once loaded, it ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...

Quesma Releases OTelBench: Independent Benchmark Reveals Frontier LLMs Struggle with Real-World SRE Tasks

New benchmark shows top LLMs achieve only 29% pass rate on OpenTelemetry instrumentation, exposing the gap between ...
InfoQ

Two Missing Characters: How a Regex Flaw Exposed AWS GitHub Repos to Supply-Chain Risk

AWS recently published a security bulletin acknowledging a configuration issue affecting some popular AWS-managed open-source ...

How bad is your stove for your health? Look it up.

Stanford University scientists’ new model estimates exposure to the pollutant nitrogen dioxide based on home size, how often ...

Learn OpenCode Fast to Run AI Tasks in Parallel

Set up OpenCode on desktop, web, or terminal and add Context 7 MCP for instant API docs, helping you code with fewer ...
Cybernews

Cybercrooks are now creating live, personalized phishing pages in real time

At first glance, it’s a normal and harmless webpage, but it’s able to transform into a phishing site after a user has already ...

I used one simple script to remove AI from popular browsers (including Chrome and Firefox)

Chrome, Edge, and Firefox are full of bloatware, with AI among the features most of us don't want. This free tool is your ticket back to the good old days.