The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
Cryptopolitan

Crypto wallets targeted in SAP-linked npm supply-chain attack

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

Moderne Expands Agent Tools Platform with C# Support for Deterministic .NET Transformation

Moderne, the Agent Tools company for AI-driven software engineering, today announced C# language support across its platform, extending deterministic, large-scale code transformation to .NET codebases ...

Tickblaze Launches WebTrader, a Browser-Based Trading Platform Powered by TradingView ...

Tickblaze, a trading technology provider serving proprietary trading firms, brokerages, and professional traders, today announced the launch of Tickblaze WebTrader, a fully browser-based trading ...

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
Arabian Post on MSN

Firefox 150 closes code execution risks

Mozilla has released Firefox 150 with a broad security update that fixes 41 vulnerabilities, including multiple high-impact flaws tied to memory handling, browser components and privilege controls, ...
GitHub

Pay-per-use isolated code execution for AI agents

AI agents can reason, plan, and act — but the moment they need to run code, they hit a wall. Existing sandboxes require API keys, manual signup, human approval, and monthly subscriptions. None of that ...
VentureBeat

Hackers slipped a trojan into the code library behind most of the internet. Your team is ...

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
Design News

3 Reasons Code Coverage Isn't Telling You What You Think

Code coverage is one of the most widely used quality metrics in embedded software development. Nearly every team I start working with tells me they aim to reach 80%+ code coverage. In fact, many ...
VentureBeat

Anthropic just shipped an OpenClaw killer called Claude Code Channels, letting you message ...

Credit: VentureBeat made with Google Gemini 3.1 Pro Image The hit open source autonomous AI agent OpenClaw may have just gotten mogged by Anthropic. Today, Anthropic announced Claude Code Channels, a ...