Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
InfoWorld

WinterTC: Write once, run anywhere (for real this time)

The unified JavaScript runtime standard is an idea whose time has come. Here’s an inside look at the movement for server-side JavaScript interoperability.
GitHub

Sera UI - Beautiful UI Components for React and Next.js

Sera UI is an open-source UI component library loved by developers. Crafted and ready to use for React, Next.js, and other JSX frameworks. Built with Tailwind CSS, it makes creating beautiful, ...
GitHub

stdout / stderr is not accessible in the JS library

It looks like the stdout is not accessible in the JS bindings. For instance if I have the following executed Python code: print ("This goes to stdout") "This is the return value" After the run the ...
CSOonline

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...
Bleeping Computer

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...