Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

RenderATL 2026 to Host OpenJS Summit: Spotlighting the Future of JavaScript

RenderATL, the leading tech conference merging innovation, culture, and code, today announced a first-of-its-kind collaboration with the OpenJS Foundation to host a dedicated OpenJS Summit at ...

Anura Stops AI-Assisted SIVT Threat That Bypasses JavaScript-Based Fraud Detection Solutions

Anura identified and successfully mitigated a new form of Sophisticated Invalid Traffic (SIVT) that uses artificial ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...
Enterprise Times

Yottaa launches MCP server purpose-built for eCommerce performance intelligence

Yottaa have announced the launch of its Model Context Protocol (MCP) server. Yotta says this makes it the first eCommerce-focused performance vendor to ...

「仮面ライダーゼッツ」玉城裕規、小柳心、平川結月がCODEの ...

特撮ドラマ「仮面ライダーゼッツ」に登場する新キャラクターの詳細が明らかに。極秘防衛機関CODE(コード)のエージェント・コードナンバー:スリー、コードナンバー:ファイブ、コードナンバー:シックスを玉城裕規、小柳心、平川結 ...

JavaScriptライブラリ「jQuery」が約10年ぶりのメジャー更新 ~「IE 10 ...

JavaScriptライブラリ「jQuery」が1月17日(米国時間)、v4.0.0へとアップデートされた。約10年ぶりのメジャーリリースとなる。