The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

Matcha Meta breach tied to SwapNet exploit drains up to $16.8M

Matcha Meta users were exposed via a SwapNet smart contract exploit, with up to $16.8M stolen on Base, highlighting ongoing approval risks.

Hytale Update 2 lets you summon gangs of skeletons and provides more modding tools to the Minecraft-inspired RPG - and yes, magic is coming: "We will have a pro…

Your skeletal soldiers last for five minutes, or until you're taken out. Those bigger enemies have a few frights coming their ...