Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
InfoWorld

A better way to work with SQL Server

It’s time to switch to a new development tool for SQL Server and Azure SQL. Here’s how to get started with the MSSQL ...

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

The updated SHub stealer variant is called Reaper, and it uses macOS Script Editor, pre-populated with the malicious payload ...
InfoQ中国 on MSN

Cloudflare推出Code Mode MCP服务器以优化AI智能体的Token使用

Cloudflare通过发布由Code Mode驱动的全新模型上下文(Model Context ...

New WordPress Plugin: MUTE Spam Blocker Brings Zero-Code Contact Form Protection to ...

The free plugin is now available on the WordPress Plugin Directory, compatible with Contact Form 7, WPForms, Ninja ...

Microsoft warns of Exchange zero-day flaw exploited in attacks

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Communications of the ACM

Good Vibes: AI Coding Tools and Platforms

Technology that helps write computer code is not new, but advances in generative AI (GenAI) and agentic AI have catapulted ...