Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
CSO Online

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...
InfoWorld

16 open source projects transforming AI and machine learning

From fine-tuning open source models to building agentic frameworks on top of them, the open source world is ripe with ...
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
IEEE Spectrum on MSN

Great refactor initiative looks to AI to harden critical code

Memory-safety exploits account for 70 percent of vulnerabilities ...

The Open-Source Trust Reset

Enterprises need to practice governance of open-source software to regain control of their software supply chains.
The Montgomery Advertiser on MSN

AL board to withhold library funds over ‘Handmaid’s Tale,’ other books

The board declared the books sexually explicit after a report by chair John Wahl.
CIO

How Chainguard Helps CIOs Reduce Open Source Risk and CVE Overload

Keith: John, tell us a little bit about Chainguard and what you’re going to be showing us on DEMO today. John: Definitely.

Vibe coding may be hazardous to open source

Researchers argue AI coding tools disrupt community and hinder returns to maintainers Tailwind Labs CEO Adam Wathan recently ...
Infosecurity Magazine

Autonomous System Uncovers Long-Standing OpenSSL Flaws

The issues were uncovered by AISLE and disclosed through a coordinated process with the OpenSSL project. OpenSSL is one of ...