The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

QB Darian Mensah joins Miami Hurricanes after legal battle with Duke

Darian Mensah has enrolled at Miami, giving the Hurricanes another standout transfer at quarterback as they come off a season ...

Despite a returning coach, West Virginia lost dozens of players to the transfer portal

West Virginia coach Rich Rodriguez didn’t mince words about what areas of his roster needed help from college football's ...
ScanNetSecurity

binary-parser ライブラリにコードインジェクションの脆弱性

独立行政法人情報処理推進機構(IPA)および一般社団法人JPCERT コーディネーションセンター(JPCERT/CC)は1月23日、binary-parserライブラリにおけるコードインジェクションの脆弱性について「Japan ...
InfoQ

.NET 10 Becomes Available on AWS Lambda as Managed Runtime and Base Image

Amazon Web Services has announced that AWS Lambda now supports the creation of serverless applications using .NET 10. With this update, developers can use .NET 10 both as a managed runtime and as a ...