Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.
Milwaukee Journal Sentinel

Gang Sheet Builder Kixxl Launches Automation Platform for DTF Print Shops

New automation platform eliminates manual file handling, artwork upload issues, poor file quality, and slow gang sheet creation for DTF print shops Kixxl automates artwork collection and gang sheet ...
blockchain

Node App Builder: Transform Workflows into No-Code AI Apps for Business Productivity

According to KREA AI (@krea_ai), the newly launched Node App Builder enables users to convert complex workflows into easy-to-use applications without coding expertise. This AI-powered platform ...
Bleeping Computer

Popular Forge library gets fix for signature verification bypass flaw

A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. The flaw is tracked as ...
InfoWorld

Intro to Nest.js: Server-side JavaScript development on Node

Nest’s design is philosophically inspired by Angular. At its heart is a dependency injection (DI) engine that wires together all the components using a common mechanism. If you are familiar with ...
Milwaukee Journal Sentinel

MGX Launches No-Code AI App Builder to Automate Custom Application Development

Fresh off its recent, prestigious recognition as a top no-code AI builder, MGX (MetaGPT X) today announced the landmark launch of its revolutionary MGX no-code AI app builder. This platform leverages ...
The Hacker News

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its ...
Geeky Gadgets

OpenAI’s New Node Agent Builder Lets You Build Custom AI Assistants in Minutes

What if creating a sophisticated AI agent was as simple as arranging building blocks on a digital canvas? With OpenAI’s Agent Builder, this vision is no longer a distant dream but a tangible reality.
InfoQ

Next.js 15.5 Ships - Turbopack Production Builds, Node.js Middleware, and Tighter Typescript DX

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Developer Tech

Node.js 24: A faster, sleeker JavaScript experience

Node.js 24 has officially arrived, and it’s bringing a rather tasty selection of improvements to the table. If you’re a developer knee-deep in web apps or wrestling with asynchronous code, this ...