Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Windows 11 still runs on code from the 1990s, Microsoft admits

Microsoft's Win32 API dates back to Windows 95, and a senior exec says nobody expected it to still be essential in 2026.
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
The Caledonian-Record

Primech Holdings Secures Approximately US$24.8 Million Four-Year Contract at a Major Asian ...

Primech Holdings Limited (Nasdaq: PMEC) (“Primech” or the “Company”), an established technology-driven facility solutions ...
The Caledonian-Record

Water Tower Research (WTR) Adds Sasha Murray as Managing Director – Investor Engagement

Water Tower Research LLC ( ) is modernizing investor engagement with a powerfully differentiated ecosystem of research-driven content and strategies ...

BCE reports drop in profit, higher revenue amid heavy wireless competition

Bell’s finance chief says company remains focused on three-year plan, including selling and reallocating assets ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Most business owners forget this key succession planning step

For most business owners, succession planning for their business involves preparing the company for transfer, determining its ...
SecurityWeek

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...