Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...

Trust Wallet’s $7M hack shows where crypto-friendly SMEs may be vulnerable

Key takeawaysThe December 2025 Trust Wallet hack shows that vulnerabilities in crypto tools can affect crypto-friendly SMEs, even when attacks target individual users rather than ...
financefeeds

Hackers Exploit JavaScript Library to Deploy Crypto Wallet Drainers

Hackers have exploited a flaw in the React JavaScript library to inject code that drains crypto wallets onto websites, primarily on cryptocurrency platforms. The React team released a patch on ...
Crypto Briefing

Satoshi Nakamoto Institute launches fundraising for Bitcoin Library

The Satoshi Nakamoto Institute has launched a fundraising campaign to build the Library of Bitcoin, a project dedicated to preserving Bitcoin’s ideas, history, and foundational documents before they ...
CoinDesk

Filecoin Trades Little Changed, Underperforms Wider Crypto Markets

FIL consolidated with an $0.11 range representing 7.5% of the token's value, according to CoinDesk Research's technical analysis model. The critical development emerged from Filecoin's relative ...
Tech Digest

Underwater drones deployed, Javascript library vulnerable to hacking

The UK’s Royal Navy has bought a fleet of Remus 300 unmanned underwater vehicles from US defence contractor HII. Photo: HII A popular JavaScript cryptography library is vulnerable in a way which could ...
CoinTelegraph

Malicious Chrome extension skims Solana swaps with hidden extra transfers

A malicious Chrome extension called Crypto Copilot lets users trade Solana directly from X but secretly skims a small portion of the transaction. A malicious Google Chrome browser extension is letting ...
bitnewsbot

Massive Shai Hulud JavaScript Attack Hits 400+ Packages, Crypto APIs

A new JavaScript supply-chain attack has compromised more than 400 software packages, including at least 10 heavily used in the cryptocurrency sector. The ongoing infection, driven by the “Shai Hulud” ...
SiliconANGLE

Red Hat Linux gets offline management, quantum threat mitigation and new AI features

Red Hat today announced multiple product updates across its Linux, OpenShift and artificial intelligence portfolios, focusing on hybrid cloud performance, post-quantum security and developer ...
Bleeping Computer

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...