A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

The update smooths out mixed module workflows.

Fastify will lead performance-focused Node.js applications with speed, efficiency, and scalability. NestJS will remain the preferred choice for structured, enterprise-grade Node.js development.

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first ...

Microsoft on Tuesday issued a warning over the increasing use of Node.js for the delivery of malware and other malicious payloads. The tech giant has been seeing such attacks aimed at its customers ...

Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...

Staying ahead of the curve is no longer a choice. It has become a necessity. As of November 2024, Node.js powers 3.9% of websites globally, according to Web Technology Surveys. That includes giants ...