Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...

Microsoft KB5074109 arrives with important security improvements, but the update also resolves a long-standing issue that caused widespread false vulnerability alerts across Windows systems. The ...

Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service ...

better-sqlite3 is used by thousands of developers and engineers on a daily basis. Long nights and weekends were spent keeping this project strong and dependable, with no ask for compensation or ...

What if the database you rely on could handle writes four times faster without sacrificing simplicity or reliability? For years, SQLite’s single-writer limitation has been both its strength and ...

Insert Operations: Synchronous OFF (Unsafe) on Node.js v20.19.5 (12,735 ops/sec) Select Operations: MMAP 256MB on Node.js v22.21.1 (17,413 ops/sec) Update Operations: Incremental Vacuum on Node.js v20 ...

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its ...

Google’s Big Sleep Foils Hackers by Spotting SQLite Flaw Before Exploit Your email has been sent Google’s Big Sleep AI agentic system spotted a zero-day SQLite bug after threat signals emerged, ...