Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...

MicroQuickJS can be built and executed with 10KB of RAM and about 100KB of ROM as a C library. Other requirements include that it only supports a subset of JavaScript ...

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass ...

A new around of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal ...

Two vulnerabilities in n8n’s sandbox mechanism could be exploited for remote code execution (RCE) on the host system.

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...

Web skimming campaigns use obfuscated JavaScript code to steal credit card data from checkout pages without detection by ...

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.