The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
SecurityWeek

Chrome 148 Rolls Out With 127 Security Fixes

Google on Wednesday announced the promotion of Chrome 148 to the stable channel with 127 security fixes, including three for critical-severity vulnerabilities. The first critical flaw is an integer ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
The Hacker News

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...

PCI DSS Compliance

Data Security Standard (DSS), issued by the PCI Security Standards Council (SSC), which establishes technical and operational ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...
IEEE

A Variable-Stiffness Continuum Manipulator Using Fibrous Structure: Design, Modeling, and Validation

Abstract: In minimally invasive surgeries (MIS), continuum manipulators made from soft materials make it possible to reach deep-seated lesions with improved contact safety. However, their practical ...
IEEE

A Novel Prescribed-Time Second-Order Sliding Mode Controller Using Only Signs of the Variables: Design and Experimental Validation

Abstract: In practical control systems, limitations such as binary sensing, sensor saturation, and inherent nonlinearities often restrict the available feedback to only the sign of the measured ...