CSO Online

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...
Fireship on MSN

The JavaScript ecosystem didn’t see this coming

Anthropic’s move into the JavaScript ecosystem surprised almost everyone. Buying a popular runtime isn’t just a tooling ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...

Hackers are using LLMs to build the next generation of phishing attacks - here's what to look out for

A victim would be phished to visit a seemingly benign webpage. It contains no visible malicious code, but once loaded, it ...
TechRound

Cyber Criminals Are Using LLMs For Phishing Attacks, Here’s How

Unit 42, the threat intelligence team at Palo Alto Networks, published new research showing how criminals now use large ...
InfoWorld

TypeScript levels up with type stripping

Say goodbye to source maps and compilation delays. By treating types as whitespace, modern runtimes are unlocking a “no-build” TypeScript that keeps stack traces accurate and workflows clean.