Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
Morning Overview on MSN

SharePoint zero-day CVE-2026-32201 allows remote code execution with no privileges required — 1,300+ servers still exposed

A critical zero-day vulnerability in Microsoft SharePoint is being exploited in the wild right now, and more than 1,300 ...
The Tech Edvocate

30 Critical Google Chrome Vulnerabilities Expose Billions to Remote Code Exploits — Here’s What You Need to Know

Spread the loveOn May 7, 2026, Google rolled out an urgent security update for its widely-used web browser, Chrome. This update, which addresses 30 vulnerabilities, has raised significant alarms ...
Decrypt

DeepClaude Lets You Run Claude Code With DeepSeek's Brain for 17x Cheaper

DeepClaude swaps Claude Code's expensive Anthropic backend for DeepSeek V4 Pro, keeping the agent loop, slashing the bill.
The Hacker News

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...
Bleeping Computer

Windows PowerShell now warns when running Invoke-WebRequest scripts

Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. As Microsoft ...
SecurityWeek

Critical Remote Code Execution Vulnerability Patched in Android

Google announced on Monday the release of an Android update patching a critical vulnerability that can be exploited for ...