The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
SecurityWeek

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover

ClaudeBleed, a vulnerability in Claude in Chrome, allows malicious extensions to hijack the AI agent for nefarious purposes.
InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

MongoDB announces platform enhancements for enterprise-ready AI production

The company announced the availability of MongoDB 8.3, building on previous generations of the database software with ...

Moderne Expands Agent Tools Platform with C# Support for Deterministic .NET Transformation

Moderne, the Agent Tools company for AI-driven software engineering, today announced C# language support across its platform, extending deterministic, large-scale code transformation to .NET codebases ...

'ClickFix' attack tricks users into hacking themselves, ACSC warns

ClickFix relies on tricking users into essentially hacking themselves by running commands that compromise their computers. In ...

Your lookahead horoscope: May 10, 2026

An excellent sun-Jupiter link on your birthday will bring no end of good things your way this year. There will be times when ...

In B.C., another season of peril for seniors

The province needs to galvanize the private sector into installing modern cooling systems in apartment buildings that become ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
The Tyee

Why Is This City Hall Reporter Jumping from Journalism to Politics?

In theory, once you cross over into politics from journalism, you can’t go back again. People won’t trust you — no matter how ...
TMCnet

MongoDB Makes Enterprise AI Production Ready

(NASDAQ: MDB) today announced new capabilities at MongoDB local London 2026, furthering its vision and strategy of delivering a unified AI data platform that gives enterprises everything they need to ...