SecurityWeek

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider

Notepad++ has shared additional details on the supply chain attack carried out by Chinese state-sponsored hackers via a ...
Cyber Daily

Jeffrey Epstein employed a private hacker, new documents reveal

The latest tranche of files relating to disgraced financier and sex offender Jeffrey Epstein reveals a “personal hacker” with ...
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...