Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...

OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library.

It’s time to switch to a new development tool for SQL Server and Azure SQL. Here’s how to get started with the MSSQL ...

OpenAI reported no user data compromise after a supply-chain attack targeting the TanStack npm library, part of the broader ...

BrowserAct Open-Sources Two AI Skills That Let Agents Actually Use the Web - Including One That Builds New Skills on Its Own ...

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...