The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

How to Install OpenAI Codex on Windows with Security Measures

Learn how to install OpenAI Codex on Windows, with essential security measures to protect your API keys, system, and ...

Moderne Expands Agent Tools Platform with C# Support for Deterministic .NET Transformation

Moderne, the Agent Tools company for AI-driven software engineering, today announced C# language support across its platform, extending deterministic, large-scale code transformation to .NET codebases ...

MongoDB announces platform enhancements for enterprise-ready AI production

The company announced the availability of MongoDB 8.3, building on previous generations of the database software with ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
The Tyee

Why Is This City Hall Reporter Jumping from Journalism to Politics?

In theory, once you cross over into politics from journalism, you can’t go back again. People won’t trust you — no matter how ...

'ClickFix' attack tricks users into hacking themselves, ACSC warns

ClickFix relies on tricking users into essentially hacking themselves by running commands that compromise their computers. In ...

Politics Insider: Erskine-Smith weighs options after losing nomination bid

Liberal members in the riding of Scarborough Southwest chose businessman Ahsanul Hafiz as their next provincial candidate ...

What’s going on with Billy Bishop Airport and Ford’s cellphone records, according to our Queen’s Park reporters

On May 4, Queen’s Park reporters Laura Stone and Jeff Gray answered reader questions about Ontario politics, including Doug ...