All news
node.js
(2 articles)May 15, 2026
node-ipc npm Package Compromised to Steal Credentials
Three malicious node-ipc versions exfiltrate cloud keys, SSH tokens, and CI/CD secrets via DNS TXT queries. Check your lockfiles now.
May 7, 2026
vm2 Node.js Sandbox Escape Enables Code Execution
Critical vm2 Node.js library vulnerabilities allow full sandbox escape and arbitrary code execution. See how attackers exploit it and how to protect your app.