Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...

You can use Slack, Asana, and Figma directly inside Claude now - here's how

Claude can now directly interface with Amplitude, Asana, Box, Canva, Clay, Figma, Hex, monday.com, and Slack, according to the blog post. Salesforce will also soon be added to that list. Built upon ...