The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
Dark Reading

Yet Another Way to Bypass Google Chrome's Encryption Protection

In another sign that browsers continue to be a prime attack target, authors of the VoidStealer Trojan have uncovered a way to bypass a Chrome security feature designed to protect session cookies and ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Elite corporate lawyers accused of earning millions on insider trading, using bizarre code like, ‘How’s the rabbi?’

A ring of elite corporate lawyers were accused of illegally trading on inside info about blockbuster deals over a decade, ...

How to Install OpenAI Codex on Windows with Security Measures

Learn how to install OpenAI Codex on Windows, with essential security measures to protect your API keys, system, and ...

Minister faces calls from MPs to amend lawful access bill to prevent compromising encryption

Public Safety Minister Gary Anandasangaree faced calls from opposition MPs Tuesday to amend the federal government’s lawful ...
InfoWorld

The best JavaScript certifications for getting hired

Earn these JavaScript certs to demonstrate mastery of the most in-demand skills for the world’s most-used programming ...

Lawful-access bill could threaten encryption, deter investment, Chamber of Commerce warns

Bill would require telecoms, internet companies to change systems to give surveillance, monitoring capabilities to ...
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
Microsoft

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...