vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

/in

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems.
vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host

The Hacker News – ​Read More

I’ve tested several ReMarkable tablets, but its new cheap E Ink tablet had me fooled

/in

The ReMarkable Paper Pure pairs an accessible design with thoughtful features while retaining ReMarkable’s niche functionality.

Latest news – ​Read More

I’ve fully converted to adaptive chargers from fast ones and already feel safer

/in

Adaptive charging aims to reduce battery wear by keeping speeds low. My favorite model is ideally suited for overnight charges.

Latest news – ​Read More

I hand-picked 10 Mother’s Day gifts that will arrive by Sunday

/in

Quick shipping saves the day on these last-minute Mother’s Day picks, but I’d recommend these items any time of year.

Latest news – ​Read More

Yet Another Way to Bypass Google Chrome’s Encryption Protection

/in

Authors of the VoidStealer Trojan uncovered a way to get around Google’s App-Bound Encryption (ABE), opening the door to infostealers.

darkreading – ​Read More

Best OSINT Tools for Investigations and Threat Intelligence in 2026

/in

Explore the best OSINT tools for your digital investigations, threat intelligence, reconnaissance, and tracking online activity in 2026.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

A Kid With a Fake Mustache Tricked an Online Age-Verification Tool

/in

To stop children from bypassing its age checks, Meta is revamping its age-verification tools with an AI system that analyzes images and videos for “visual cues,” such as height and bone structure.

Security Latest – ​Read More

Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE

/in

Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

Roku sued for allegedly bricking TVs – see which models are affected, and your best alternatives

/in

Many users are reporting that Roku TVs get stuck in boot loops, show black screens, or are otherwise unusable.

Latest news – ​Read More

Palo Alto warns of critical software bug used in firewall attacks

/in

A patch for the bug, tracked as CVE-2026-0300, has not been published yet and Palo Alto Networks said it will be included in releases over the next two weeks.

The Record from Recorded Future News – ​Read More