Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
InfoWorld

Go developers meh on AI coding tools – survey

Most Go developers are using AI-powered development tools, but their satisfaction has been hindered by quality concerns, ...
SecurityWeek

North Korean Hackers Target macOS Developers via Malicious VS Code Projects

North Korean hackers target macOS developers with malware hidden in Visual Studio Code task configuration files.
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
The Hacker News

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

North Korean hackers abuse Visual Studio Code task files in fake job projects to deploy backdoors, spyware, and crypto miners ...
XDA Developers on MSN

Zed is the speed demon that makes VS Code and Antigravity feel sluggish

A new and faster code editor emerges ...
Analytics Insight

10 Must-Know Modern JavaScript Features in 2026

JavaScript updates in 2026 focus on fixing long-standing issues instead of adding unnecessary complexity. Core features now handle iteration sets, async logic, and dates with fewer workarounds and ...
Wired

People Are Paying to Get Their Chatbots High on ‘Drugs’

Petter Rudwall knows the idea of AIs becoming sentient and seeking to get high with code-based “drugs” seems “stupid.” But the Swedish creative director couldn’t get it out of his head. Rudwall’s ...