The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

This $1.4 Billion Startup’s AI Writes Code For Weeks At A Time

Backed by $200 million in fresh funding, Blitzy has convinced companies to hand off software development to AI that can build ...

Amazon employees pushed for Claude Code. Now they're getting it — and Codex, too.

Some Amazon staff had complained about a lack of access to top AI coding tools, arguing the company risked falling behind in ...
Security Boulevard

PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers

The post PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers appeared first on Mend.