Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
The Hacker News

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

OpenAI launched Daybreak with GPT-5.5-Cyber tools as AI accelerates vulnerability discovery and exploit timelines.
CSO Online

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
Mint

Did Anthropic ‘dumb down’ Claude Code? Post-mortem reveals the three bugs that crippled performance

Over the last few weeks, social media has been filled with complaints about Anthropic's Claude Code feeling slower and dumber, which was evident in the coding quality and the increased memory issues.
adtmag.com

More Code, More Bugs: Faros Report Finds Tradeoffs In AI-Driven Software Development

Output rose sharply: Faros found that higher AI adoption was associated with a 34% increase in task completion per developer and a 66% increase in epics completed per developer. Quality and review ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...

How Developers Used Claude Code to Stop a Live DDoS Attack

A Distributed Denial of Service (DDoS) attack recently targeted BridgeMind's API, flooding it with millions of requests and ...
The Next Web

Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis is only getting worse

Summary: Lovable, the $6.6 billion vibe coding platform with eight million users, has faced three documented security incidents exposing source code, database credentials, and thousands of user ...