The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
AARP

Bill Would Extend Medicare Telehealth Coverage That Expires Jan. 30

Spending bill passed by the House last week would pay for telemedicine appointments until Dec. 31, 2027, but provides no ...

Pubs and music venues to be handed business rates relief after government U-turn

Treasury minister Dan Tomlinson says pubs are a special case, but there's fury more widely over the further squeeze on bottom ...

Five moments in the Alex Pretti shooting that raise red flags for policing experts

Policing experts were unanimous in saying that the situation probably could have been avoided by employing basic policing ...

Where AI browsers fall short

Unlike regular search engines, AI browsers suffer from algorithmic inconsistency due to their black-box nature — and even ...

IT’S NOT LIKE THAT : STREAM IT OR SKIP IT?

The new family drama It’s Not Like That, streaming on the Wonder Project add-on for Prime Video, carries on the tradition of family dramas that we’ve seen for decades, but with a tiny bit of faith ...

Hackers are using LLMs to build the next generation of phishing attacks

What if a phishing page was generated on the spot?
CSO Online

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...