The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Bun posts Rust porting guide, says rewrite is still half-baked

Bun creator Jarred Sumner has posted a Zig-to-Rust porting guide, igniting speculation that the project may migrate away from ...
GamingOnLinux

GameMaker is launching GMRT, a new modern runtime with source access

The popular game engine GameMaker continues advancing, with a new GMRT runtime that will give developers source access and ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
InfoWorld

Building AI apps and agents with Microsoft Foundry

Microsoft’s Azure-based AI development and deployment platform shines with a strong selection of models and agent types and ...
Cryptopolitan on MSN

Crypto devs face new threat from Claude-based malware

A threat group planted a malicious npm package in a crypto trading project through an AI-generated commit by Anthropic's ...
Cryptopolitan on MSN

Malicious SAP npm packages target crypto wallet data

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

This High School Student Is Teaching Kids Across the Globe How to Code

Last May, Jacob Shaul logged onto his computer and began remotely teaching more than 170 students in Bolivia the basics of ...
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
InfoWorld

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ‘a complete organizational takeover’.