The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
Dark Reading

Yet Another Way to Bypass Google Chrome's Encryption Protection

In another sign that browsers continue to be a prime attack target, authors of the VoidStealer Trojan have uncovered a way to bypass a Chrome security feature designed to protect session cookies and ...
IEEE

Chrowned by an Extension: Abusing the Chrome DevTools Protocol through the Debugger API

Abstract: The Chromium open-source project has become a fundamental piece of the Web as we know it today, with multiple vendors offering browsers based on its codebase. One of its most popular ...
GitHub

A Chrome extension that puts your Claude.ai usage limits right below the chat composer. No API keys, no config, no pasted session tokens. If you're logged into Claude, it just ...

The fill color is blue while you're fine, turns amber at 70%, red at 90%. Thresholds are configurable. I kept running into the weekly limit on Claude without realizing I was close. Claude's own ...
theregister

Claude Opus wrote a Chrome exploit for $2,283

Anthropic withheld its Mythos bug-finding model from public release due to concerns that it would enable attackers to find and exploit vulnerabilities before anyone could react. But the company's Opus ...