The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

OpenSilver 3.3: Blazor Components Now Run Directly Inside XAML Applications

Userware today released OpenSilver 3.3, introducing native integration between XAML and Blazor. Developers can now embed Blazor components from libraries like DevExpress, Syncfusion, MudBlazor, Radzen ...

OpenAI spills technical details about how its AI coding agent works

On Friday, OpenAI engineer Michael Bolin published a detailed technical breakdown of how the company’s Codex CLI coding agent ...

GAF Materials to close north Minneapolis plant, laying off 120 workers

GAF is closing its north Minneapolis roofing plant in April, affecting about 120 workers; some may transfer to the company's ...

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

RenderATL 2026 to Host OpenJS Summit: Spotlighting the Future of JavaScript

RenderATL, the leading tech conference merging innovation, culture, and code, today announced a first-of-its-kind collaboration with the OpenJS Foundation to host a dedicated OpenJS Summit at ...