The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Shuttered Walmart could become library branch, data processing facility

Milwaukee’s Plan Commission is scheduled May 18 to consider two zoning-related requests tied to the former Walmart property ...

Schaefer Architecture could reimagine the Central Library it designed 60 years ago

The Wichita architecture firm was selected out of nine applicants to lead the design of the former Central Library into a ...
The Caledonian-RecordOpinion

Thoreau the scientist – how environmental research informed ‘Walden’ and later works

Thoreau’s work as a pioneering physical scientist is almost invisible in popular culture, according to a geologist and ...

What’s a coding course for in the age of AI? Maybe not learning to write it

Intro to Programming courses at NC State still have a no-AI policy. Heckman and Roberts are committed to that, unlike Jordan.

Google’s Mueller Flags SEO Gaps In AI Vibe Coding

Google's John Mueller and Martin Splitt shared their vibe coding experiences, noting that AI tools still need specific SEO ...
Opinion
The Indiana LawyerOpinion

Ellen Morrison Townsend: AI isn’t new legal risk — it’s old liability at greater scale

Artificial intelligence is not creating new legal risk. It is exposing — and accelerating — legal risk that has been hiding in plain sight for decades.