CSO Online

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
Bleeping Computer

Invisible characters could be hiding backdoors in your JavaScript code

Could malicious backdoors be hiding in your code, that otherwise appears perfectly clean to the human eye and text editors alike? A security researcher has shed light on how invisible characters can ...
ExtremeTech

Claude Code's Own Full Source Code Leaked

On Tuesday, a security researcher named Chaofan Shou revealed on X that he had found a 59.8MB JavaScript source map file in a public release of Anthropic's Claude Code. This file is intended for ...
Ars Technica

AI-generated code could be a disaster for the software supply chain. Here’s why.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
ZDNet

Developer tools: VS Code just got a built-in JavaScript debugger

Microsoft's cross-platform code editor Visual Studio Code (VS Code) now has a built-in JavaScript debugger. That's one less step JavaScript developers need to complete when debugging a project. In the ...