The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...

If You've Installed Any of These 17 Browser Extensions, Delete Them Now

Another wave of malicious browser extensions capable of tracking user activity have been found across Chrome, Firefox, and ...
Visual Studio Magazine

Hands On: Testing Cursor, Windsurf and VS Code on Text-to-Website Generation

A hands-on comparison shows how Cursor, Windsurf, and Visual Studio Code approach text-to-website generation differently once ...