The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
Bleeping Computer

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...
InfoWorld

AI makes JavaScript programming fun again

What if AI-assisted development is less of a threat, and more of a jetpack? This month’s report tackles vibe coding, along with new JavaScript tools and techniques to explore in your AI-assisted free ...
National Review

Vatican Allows Designated Muslim Prayer Room in Apostolic Library

Jury Awards Detransitioner $2 Million in Historic Medical-Malpractice Lawsuit Senate Passes Bipartisan Government Spending Package and DHS Deal as Partial Shutdown Approaches Court Blocks Hong Kong ...
Milwaukee Journal Sentinel

Want a library card but don't know where to start? Here's your guide to the Milwaukee Public Library system

The Milwaukee Public Library system includes 14 locations, with the newest branch on Martin Luther King Jr. Drive. Milwaukee County residents can get a free library card by showing two forms of ...
Bitcoin Magazine

NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.
Milwaukee Journal Sentinel

Milwaukee's King Library branch has been rebuilt and now includes apartments. It opens Sept. 6

Milwaukee Public Library's King Library branch will have its grand opening on September 6th. The new 18,000-square-foot library features a community room, green building features, and maker space. The ...
CSOonline

Samlify bug lets attackers bypass single sign-on

A critical vulnerability in the popular samlify library could potentially allow attackers to bypass Single Sign-On (SSO) protections and gain unauthorized access to systems relying on SAML for ...
SecurityWeek

Critical OpenPGP.js Vulnerability Allows Spoofing

The developers of OpenPGP.js have released updates to patch a critical vulnerability that can be exploited to spoof message signature verification. OpenPGP.js is an open source JavaScript ...
CoinTelegraph

XRP Ledger Foundation spots ‘crypto stealing backdoor’ in code library

The Foundation said an updated software package has already been published to remove the security breach. The XRP Ledger Foundation has identified a “serious vulnerability” in the official JavaScript ...
InfoWorld

JavaScript tools and frameworks we’re watching now

The rapid evolution in JavaScript tools and frameworks moves at a breakneck speed. Here's our monthly roundup of news, tutorials, and updates to help you keep up. JavaScript is moving in two ...