vm2 is a JavaScript sandbox for Node.js. Its development was actually discontinued in 2023. Another security vulnerability has been discovered in the software, allowing an escape from the secured ...

XDR is one of security's buzziest acronyms—and for good reason. XDR, which stands for eXtended Detection and Response, promises to provide more timely and accurate threat detection by gathering and ...

Microsoft has released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The security feature bypass vulnerability, tracked ...

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...

New York, 27 January 2026 — United Nations Secretary-General António Guterres has appointed 15 leading experts to the Independent Expert Advisory Panel for the Multidimensional Vulnerability Index ...

Microsoft is warning admins of an Office security bypass zero day vulnerability that can be triggered simply by a user opening a document. The flaw is currently being actively exploited. “The ...

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more ...

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...