The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

AI Porting: Claude Rewrites Bun Codebase in Rust

The JavaScript and TypeScript server and bundler Bun will consist of Rust code in the future. Within weeks, Claude Code ...
Analytics Insight

Top Web Development Books Every Developer Should Read in 2026

Overview:  AI coding tools are transforming software development, but strong programming fundamentals and system design ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
The Caledonian-Record

NodeSource Introduces N|Solid IDE to Solve the Broken Developer Workflow in the AI Era

AI now generates more than 50% of the world’s code, and growing. The tooling that catches what that code breaks in production was not made to keep up with that speed of delivery. NodeSource, the ...

Bun posts Rust porting guide, says rewrite is still half-baked

Bun creator Jarred Sumner has posted a Zig-to-Rust porting guide, igniting speculation that the project may migrate away from ...

Anthropic’s Bun Rust rewrite merged at speed of AI

A pull request with a Rust version of Anthropic’s Bun, a JavaScript toolkit and runtime originally written in Zig, has been ...

Full list of North East DWP vacancies with salaries paying up to £136,000

Those in the North East looking for a job may be interested in a role at the Department for Work and Pensions. The DWP is the ...
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
Edex Live

"Colleges don't necessarily teach what companies want": Senior Engineer Nandita Kalita on upskilling & mentorship

For thousands of engineering graduates in India, a degree alone is no longer enough to secure a foothold in the technology ...