Critical sandbox escape flaw discovered in popular vm2 NodeJS library

Published on January 27, 2026

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. [...]

Continue reading on website
Other news

US charges 31 more suspects linked to ATM malware attacks

January 27, 2026
A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua. [...]

Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

January 27, 2026
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft.The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025."While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT)