A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized ...

Hackers pocketed as much as $155,000 by sneaking a backdoor into a code library used by developers of smart contract apps that work with the cryptocurrency known as Solana. The supply-chain attack ...

Last August, we told you about a project posted on GitHub by Romanian software developer Bizău Ionică that makes it possible for snips of legacy COBOL code to run within the JavaScript code of the ...

Software development, long regarded as one of the most labour-intensive corners of the technology sector, is now transforming ...

The state of Vibe Coding in early 2026 is such that even seasoned software developers are now saying that the days of manually writing code are over. The latest in line to say this is NodeJS creator ...

In the history of computing, 1995 was a crazy time. First Java appeared, then close on its heels came JavaScript. The names made them seem like conjoined twins newly detached, but they couldn’t be ...

Node.js is a lean, fast, cross-platform JavaScript runtime environment that is useful for both servers and desktop applications. Scalability, latency, and throughput are key performance indicators for ...

Model-View-ViewModel, data binding and separation of concerns are just some of the reasons that Knockout.js, which I introduced in a recent column ("2 Great JavaScript Data-Binding Libraries," ...