The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
CSO Online

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...
InfoQ

Two Missing Characters: How a Regex Flaw Exposed AWS GitHub Repos to Supply-Chain Risk

AWS recently published a security bulletin acknowledging a configuration issue affecting some popular AWS-managed open-source ...

How an experienced developer teamed up with Claude to create Elo programming language

Claude Code isn't the only AI-assisted programming method having a moment. AI biz Cursor created a rudimentary browser using OpenAI's GPT-5.2. And developer Ola Prøis used Cursor, powered by Claude, ...
InfoWorld

TypeScript levels up with type stripping

Say goodbye to source maps and compilation delays. By treating types as whitespace, modern runtimes are unlocking a “no-build” TypeScript that keeps stack traces accurate and workflows clean.
CSO Online

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...
InfoQ

Vercel Open-Sources Bash Tool for Context Retrieval Using Local Filesystems

Vercel has open-sourced bash-tool that provides a Bash execution engine for AI agents, enabling them to run filesystem-based ...

A critical n8n flaw has been discovered - here's how to stay safe

A patch and workarounds are available.
Engadget

How to redeem game codes on the Nintendo Switch 2

Digital game codes remain one of the simplest ways to add new titles to a Nintendo library. The Nintendo Switch 2 handles code redemption in a familiar way, building ...
Search Engine Roundtable

Google JavaScript Doc Now Says Non-200 HTTP Status Code Might Not Be Rendered

Google updated its JavaScript SEO documentation for the third time this week, this time to say that "while pages with a 200 HTTP status code are sent to rendering, this might not be the case for pages ...