The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
CSO Online

Critical RCE bugs expose the n8n automation platform to host‑level compromise

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass ...
The Hacker News

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Cisco Talos links China-based UAT-8099 to IIS server attacks using BadIIS malware for regional SEO fraud, targeting Thailand and Vietnam.
GIGAZINE

'MicroQuickJS' that can compile and run JavaScript programs for embedded systems running on just 10KB of RAM

MicroQuickJS can be built and executed with 10KB of RAM and about 100KB of ROM as a C library. Other requirements include that it only supports a subset of JavaScript ...
CSO Online

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...

Web skimming attacks target major payment networks

Web skimming campaigns use obfuscated JavaScript code to steal credit card data from checkout pages without detection by ...

'Outrageous': Assisted dying critics attack 'unprecedented' plan to force through bill

The bill's sponsor Lord Falconer has suggested he could bypass the Lords to ensure elected Commons gets its way.

Watch: Giants beat Stars in Belfast to extend unbeaten run

Watch highlights as Belfast Giants stay two points clear at the top of the Elite League thanks to a 3-1 win over Dundee Stars ...

Labour ex-minister to step down as MP - potentially paving way for Andy Burnham to run for parliament

His departure could pave the way for Manchester Mayor Andy Burnham to become an MP, a step he would need to take to challenge Sir Keir Starmer for the Labour leadership. One of the most popular ...

Malicious Chrome Extensions found on Web Store, Over 1 lakh users at risk: Remove now

Security researchers have discovered several malicious Chrome extensions on the official Chrome Web Store that can steal user data and compromise privacy. Some of these extensions are still available ...