Experimental ‘deno desktop’ feature in Deno 2.9 produces a native desktop application that compiles into a single ...
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...
A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions. The North Korean state-sponsored threat actor Sapphire Sleet is behind the ...
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Library Company reading room on Juniper Street in Philadelphia c. 1935, one of the group’s main locations from 1880 to 1935. The Library Company of Philadelphia Founding father Benjamin Franklin ...
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem. Attackers ...
Give your AI agent the ability to write and run code safely. Not every workload needs a full OS. Secure Exec gives you V8-level isolation for code execution — no container required. Secure Exec — Run ...
Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...
A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. The flaw is tracked as ...