Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
GitHub

ast-grep VSCode, a structural search and replace extension.

It uses ASTs to find and modify code patterns. No more tedious and error-prone text manipulation. Have you ever spent hours trying to find and replace a code pattern using plain text or regular ...
GitHub

vscode-debug-value-editor

Start a JS debug session Click on the code lens to view and edit the runtime value of the property. This can be done while the debug session is paused or running. When the debug session is running, ...
Techzine Europe

Misuse of VS Code tasks poses risk to developers

Security researchers are increasingly citing Visual Studio Code as part of supply chain attacks on developers. Researchers at Jamf recently identified ...