The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

RenderATL 2026 to Host OpenJS Summit: Spotlighting the Future of JavaScript

RenderATL, the leading tech conference merging innovation, culture, and code, today announced a first-of-its-kind collaboration with the OpenJS Foundation to host a dedicated OpenJS Summit at ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...
CSO Online

AI-powered polymorphic attack lures victims to phishing webpages

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.
CSO Online

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...

Adebayo’s 26 points and 15 rebounds lead Heat to dominant 147-116 win over Jazz

Bam Adebayo scored 26 points and grabbed 15 rebounds, leading the Miami Heat to a 147-116 win over the Utah Jazz.

Maxey scores 36, Embiid has triple-double in 76ers’ 128-122 overtime win over the Rockets

Tyrese Maxey scored six of his 36 points in overtime, Joel Embiid had 32 points, 15 rebounds and 10 assists and the ...