The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
ADTmag

Salesforce Opens Beta for React-Based App Development on Its Platform

Salesforce is opening its platform to React developers. The Multi-Framework beta lets developers build native Salesforce apps with React while using Salesforce authentication, security, governance, ...
ABC57

St. Joseph County Assessor holds Town Hall ahead of 2026 Property Assessments

St. Joseph County Assessor Michael Castellon says transparency and education have been central to his tenure, and he is taking that effort directly to residents through a ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...

Cross-platform development: React Native 0.85 gets new animation backend

The open-source framework introduces an experimental animation backend and outsources the Jest testing framework into its own package.
VentureBeat

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
IEEE

Debun: Detecting Bundled JavaScript Libraries on Web using Property-Order Graphs

Abstract: Detecting front-end JavaScript libraries in web applications is essential for website profiling, vulnerability detection, and dependency management. However, bundlers like Webpack transpile ...
PBS

Nonprofit libraries ordered by State Department to stop processing passport applications

NORWICH, Conn. (AP) — The U.S. State Department has ordered certain public libraries nationwide to cease processing passport applications, disrupting a long-standing service that librarians say their ...
GitHub

kubetail-org/fancy-ansi

Failure to parse some of our users' ANSI markup Use of hard-coded styles that made customization more difficult Lack of support for CSS variables To solve these problems and make something that ...
financefeeds

Hackers Exploit JavaScript Library to Deploy Crypto Wallet Drainers

Hackers have exploited a flaw in the React JavaScript library to inject code that drains crypto wallets onto websites, primarily on cryptocurrency platforms. The React team released a patch on ...
cryptonews

Major JavaScript Library Breach Puts All Crypto Websites at Risk

Critical React Server Components flaw enables remote code execution, prompting urgent crypto industry warnings as attackers exploit CVE-2025-55182 to drain wallets and deploy malware across vulnerable ...
Microsoft

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server ...