JavaScript Security

The WebAssembly Flaw That Shatters vm2 Isolation and Grants Host Access vm2 sandbox escape CVE-2026-26956 Smartphone Vulnerabilities

vm2 sandbox escape CVE-2026-26956 Smartphone Vulnerabilities

The WebAssembly Flaw That Shatters vm2 Isolation and Grants Host Access

Do Son May 8, 2026

A critical vulnerability within the widely adopted vm2 library for Node.js has jeopardized services that execute third-party...

The Schema Poisoning: How a 9.4-Severity RCE Vulnerability in Protobuf.js Hijacks Node.js Servers Protobuf.js RCE vulnerability

Protobuf.js RCE vulnerability

The Schema Poisoning: How a 9.4-Severity RCE Vulnerability in Protobuf.js Hijacks Node.js Servers

Do Son April 21, 2026

An innocuous data description file can precipitously metamorphose into a vehicle for server hijacking. Security specialists at...