Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
InfoQ

Two Missing Characters: How a Regex Flaw Exposed AWS GitHub Repos to Supply-Chain Risk

AWS recently published a security bulletin acknowledging a configuration issue affecting some popular AWS-managed open-source ...
GitHub

An experimental project using LLM technology to generate security documentation for Open Source Software (OSS) projects.

sec-docs is organized by programming language, with folders for each major OSS project. Each project contains subfolders with detailed analyses performed at a specific date using a certain LLM model.
GitHub

Error generating commit message: [unknown] error grabbing LLM response: stream error

The error message "error grabbing LLM response: stream error" originates from the Copilot extension itself, not VS Code core. VS Code's SCM integration simply executes the command and displays any ...