InfoWorld

Is your Node.js project really secure?

JavaScript and Node.js teams do not lack security tools. What they still lack is a dependency security workflow that developers will actually use before release. That is the real gap. A package gets ...
Bleeping Computer

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and ...