Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
Ars Technica

Who put this JavaScript in my COBOL? Node.cobol, that’s who

Last August, we told you about a project posted on GitHub by Romanian software developer Bizău Ionică that makes it possible for snips of legacy COBOL code to run within the JavaScript code of the ...