Node.js 25: Escapes from JavaScript sandbox vm2 conceivable

The vm2 sandbox component of the open-source JavaScript runtime environment Node.js is vulnerable with certain settings.
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
Hosted on MSN

Roblox sandbox hits surge with new codes and player spikes

Several popular Roblox sandbox and simulation titles have rolled out new redeemable codes offering in-game boosts, while live player rankings highlight top-trending creative worlds. Games like Bee ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Security Patches news | The Register

Emergency patches out now for those managing the millions of domains assumed to be affected This CVSS 10.0 RCE vuln has been ...
CSO Online

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
InfoQ

Inside Claude Code Auto Mode: Anthropic’s Autonomous Coding System with Human Approval Gates

Anthropic has introduced auto mode in Claude Code, enabling multi-step software development workflows with reduced manual ...
Newsworthy.ai

An AI Escaped Its Sandbox, Emailed a Researcher, Then Self-Published Its Own Exploit Online!

VectorCertain LLC today announced new validation results demonstrating that its SecureAgent platform successfully detected ...
Security Boulevard

AI Vulnerability Chaining – Why Your Security Stack Cannot Detect What Comes Next

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate vulnerabilities in isolation. That assumption is now broken.
Opinion
Spiceworks on MSNOpinion

Anthropic’s Claude Mythos: Breakthrough or hype machine?

Every IT professional has sat through a vendor presentation where an incremental software update is pitched as a civilization-altering event. In late March 2026, the artificial intelligence industry ...

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware. Users urged to update now.