The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...

I used one simple script to remove AI from popular browsers (including Chrome and Firefox)

I used one simple script to remove AI from popular browsers (including Chrome and Firefox) ...