JavaScript Sandbox vm2: Critical Vulnerability Allows Escape

The JavaScript sandbox vm2 for Node.js was actually discontinued. Now an update closes a critical security vulnerability.
Analytics Insight

Python Vs JavaScript: Choosing the Right Tech Stack for 2026

Overview: Programmers prefer Python in AI, data science, and machine learning projects, while JavaScript is useful in web and full-stack development.GitHub and ...
腾讯网

vm2 Node.js库曝严重沙箱逃逸漏洞(CVE-2026-22709)可导致任意代码执行

流行的vm2 Node.js库近日披露一个高危沙箱逃逸漏洞,攻击者成功利用该漏洞可在底层操作系统上执行任意代码。该漏洞编号为CVE-2026-22709,CVSS评分为9.8分(满分10分)。
腾讯网

vm2库沙箱逃逸漏洞致任意代码执行风险

虽然CVE-2026-22709已在vm2版本3.10.2中得到修复,但这是近年来困扰该库的一系列沙箱逃逸漏洞中的最新一个。这包括CVE-2022-36067、CVE-2023-29017、CVE-2023-29199、CVE-2023-30547、CVE-2023-32314、CVE-2023-37466和CVE-2023-37903。

Initial access hackers switch to Tsundere Bot for ransomware attacks

A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access ...