Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
CPO Magazine

Security Flaw in Claude AI Chrome Extension Enables Attackers to Execute Privileged Commands and Steal Data

A security flaw in “Claude in Chrome” enables any Chrome extension, including those without permissions, to execute ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
The Caledonian-Record

Avenger Flight Group Emerges from Chapter 11 as AFG Newco, LLC, Positioned for Next Phase of Growth

“Today marks an important milestone for Avenger Flight Group,” said Eduardo Carrasco. “With a strengthened balance sheet, and the support of our ownership group, Avenger is well-positioned to continue ...
InfoWorld

Hands-on with React, Supabase, and PowerSync

If you are building a simple dashboard or a form-based application, the traditional JSON API (REST or GraphQL) approach is ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
The Caledonian-Record

Morgan Stanley Sustainable Signals: Companies Continue Executing Sustainability Strategies But Progress Has Slowed, According to New Survey

Globally, over 90% of sustainability leaders say their companies continue to execute on their sustainability strategies yet fewer believe they are meeting or exceeding expectations than in 2025, ...

Toronto Rock and Halifax Thunderbirds meet in all-Canadian NLL final

Nick Rose has had 11 years to think about what he would do differently if he ever reached the National Lacrosse League final ...
The Indiana Lawyer

Former private prison executive David Venturella to become ICE’s acting leader

A spokesperson for the Department of Homeland Security said late Tuesday that Venturella would succeed Todd Lyons, who led the agency through much of the administration's tumultuous crackdown on ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...