Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
Hackaday

The CURL Project Drops Bug Bounties Due To AI Slop

Over the past years, the author of the cURL project, [Daniel Stenberg], has repeatedly complained about the increasingly poor ...
InfoQ

Two Missing Characters: How a Regex Flaw Exposed AWS GitHub Repos to Supply-Chain Risk

AWS recently published a security bulletin acknowledging a configuration issue affecting some popular AWS-managed open-source ...
InfoQ

Swift Cross-Platform Framework Skip Now Fully Open Source

After three years of development, the team behind Skip, a solution designed to create iOS and Android apps from a single ...
InfoWorld

16 open source projects transforming AI and machine learning

From fine-tuning open source models to building agentic frameworks on top of them, the open source world is ripe with ...