The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...
Visual Studio Magazine

Linear Regression with Pseudo-Inverse Training Using JavaScript

Dr. James McCaffrey presents a complete end-to-end demonstration of linear regression with pseudo-inverse training implemented using JavaScript. Compared to other training techniques, such as ...
Nature

How learning handwriting trains the brain: the science behind the cursive wars

Handwriting requirements were cut from school curricula around the world. Now it’s looping back, riding on a wave of evidence.
The New York Times

Climate and Environment

A team hopes to place instruments in the waters beneath the colossal Thwaites Glacier, with the help of a drill that uses hot water to punch through ice. By Raymond Zhong New studies show how algae ...
Boston College

Oceans in peril, humans at risk

Widespread ocean pollution threatens the health of more than 3 billion people, international study led by Boston College researchers shows Ocean pollution is widespread and getting worse, and when ...