Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
Techzine Europe

Misuse of VS Code tasks poses risk to developers

Security researchers are increasingly citing Visual Studio Code as part of supply chain attacks on developers. Researchers at Jamf recently identified ...
GitHub

vscode-rubocop

This is the official VS Code extension for RuboCop. You can install this VS Code extension from the Visual Studio Marketplace. For VS Code-based IDEs like VSCodium or ...
GitHub

carlthome/vscode-git-line-blame

This extension is small on purpose and doesn't come with any settings. It will automatically activate when you open a workspace that contains a git repository. When you select a line in the text ...
IEEE

Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages

Abstract: With the emergence of the Node.js ecosystem, JavaScript has become a widely used programming language for implementing server-side web applications. In this article, we present the first ...