Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...

Browser-based attacks hit 95% of enterprises — and traditional security tools never saw them coming

Omdia research shows 95% of organizations faced browser-based attacks last year. CrowdStrike's CTO and Clearwater Analytics' ...

Kyndryl Holdings: The Hard Reset Is Over, Time To Buy

Kyndryl Holdings is rated Strong Buy after a 40% drawdown, with improving margins, bookings, and FY26 growth inflection.

I'm Bullish On Diana Shipping After The Genco Proxy Fight (Rating Upgrade)

Diana Shipping Inc. is upgraded to a Buy, acquired a 14.8% stake in Genco Shipping & Trading Limited. Learn more about DSX ...
CSO Online

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...
The Caledonian-Record

Capstone Executes $2.0 Million Cost Rationalization; CEO Reduces Cash Salary to $1.00 to Anchor Positive EBITDA Target

Immediate overhead reductions strengthen free cash flow, align management compensation with shareholder equity, and establish ...

Malicious GhostPoster browser extensions found with 840,000 installs

Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge ...
The Hacker News

ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories

This week's stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old ...