HBO Orders Damon Lindelof Series ‘The Chain,’ a Thriller Described as “‘Jaws for Parents”

The 'Lost' and 'Leftovers' showrunner returns to HBO with a twisty new project based on Adrian McKinty's novel.

Kidnap Thriller ‘The Chain’ Lands Straight-To-Series Order At HBO With Damon Lindelof As Showrunner

The project, which is based on Adrian McKinty’s novel, marks the first time that Lost co-creator Lindelof is showrunning ...
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
CSO Online

AI-powered polymorphic attack lures victims to phishing webpages

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...