The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
GitHub

programmingwithnavilla/nodejs-redis-versioning

src/ ├── modules/ │ └── user/ │ ├── user.controller.ts │ ├── user.service.ts │ ├── user.repository.ts │ ├── user.entity ...
GitHub

Duplicate end() and span API calls after Redis timeout

This minimal Node.js app uses ioredis with @opentelemetry/instrumentation-ioredis. It sets a very short commandTimeout to simulate a Redis timeout. This leads to ...
Developer Tech

Node.js 24: A faster, sleeker JavaScript experience

Node.js 24 has officially arrived, and it’s bringing a rather tasty selection of improvements to the table. If you’re a developer knee-deep in web apps or wrestling with asynchronous code, this ...
InfoWorld

Redis bets big on an open source return

Today, Redis makes a dramatic return to its open source roots, offering Redis 8 under the AGPLv3 license. The shift follows a similar move by Elastic in August 2024 and completes the company’s ...
Microsoft

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...
InfoWorld

Getting started with Azure Managed Redis

Microsoft has made a lot of big bets in its preferred cloud-native infrastructure. You only need to look at .NET Aspire and Radius to see how the company thinks you should be designing and building ...