Bleeping Computer

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...
The Hacker News

npm’s Update to Harden Their Supply Chain, and Points to Consider

In short, npm has taken an important step forward by eliminating permanent tokens and improving defaults. Until short-lived, ...