Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
Milwaukee Journal Sentinel

Lithosphere Expands Ecosystem Intelligence Layer to Accelerate Builder Adoption

SEATTLE, WA, UNITED STATES, January 12, 2026 /EINPresswire.com/ — Lithosphere, an AI-powered blockchain ecosystem focused on interoperability and automation ...
Milwaukee Journal Sentinel

Gang Sheet Builder Kixxl Launches Automation Platform for DTF Print Shops

New automation platform eliminates manual file handling, artwork upload issues, poor file quality, and slow gang sheet creation for DTF print shops Kixxl automates artwork collection and gang sheet ...
blockchain

Node App Builder: Transform Workflows into No-Code AI Apps for Business Productivity

According to KREA AI (@krea_ai), the newly launched Node App Builder enables users to convert complex workflows into easy-to-use applications without coding expertise. This AI-powered platform ...
Bleeping Computer

Popular Forge library gets fix for signature verification bypass flaw

A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. The flaw is tracked as ...
InfoWorld

Intro to Nest.js: Server-side JavaScript development on Node

Nest’s design is philosophically inspired by Angular. At its heart is a dependency injection (DI) engine that wires together all the components using a common mechanism. If you are familiar with ...
The Hacker News

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its ...
Geeky Gadgets

OpenAI’s New Node Agent Builder Lets You Build Custom AI Assistants in Minutes

What if creating a sophisticated AI agent was as simple as arranging building blocks on a digital canvas? With OpenAI’s Agent Builder, this vision is no longer a distant dream but a tangible reality.
Developer Tech

Node.js 24: A faster, sleeker JavaScript experience

Node.js 24 has officially arrived, and it’s bringing a rather tasty selection of improvements to the table. If you’re a developer knee-deep in web apps or wrestling with asynchronous code, this ...
Microsoft

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...