JavaScript Sandbox vm2: Critical Vulnerability Allows Escape

The JavaScript sandbox vm2 for Node.js was actually discontinued. Now an update closes a critical security vulnerability.
InfoWorld

Node.js Foundation: Our security process is ‘top notch’

Node.js, often called Node, has caught fire at enterprises, providing a server-side, event-driven JavaScript platform leveraging the Chrome V8 JavaScript engine. After recent turmoil involving a ...
Hosted on MSN

Critical security flaw in Next.js could spell big trouble for JavaScript users

Experts have warned there is a critical severity flaw in the Next.js open source web development framework which allows threat actors to bypass authorization checks. Security researcher Rachid.A from ...
Bleeping Computer

JavaScript Packages Caught Stealing Environment Variables

On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects.
Dark Reading

Coding Tips to Sidestep JavaScript Vulnerabilities

The Internet was all about gray backgrounds and dull text boxes in the '90s. But JavaScript changed that, allowing us to enjoy dynamic text, interactive websites, and clickable elements without ...
heise online

Node.js: Updated versions patch high-risk security vulnerabilities

Several security vulnerabilities, some classified as high-risk, have been discovered in the popular JavaScript runtime environment Node.js. Updated versions, announced in mid-December, have now been ...
Bleeping Computer

Exploited Windows zero-day lets JavaScript files bypass security warnings

An update was added to the end of the article explaining that any Authenticode-signed file, including executables, can be modified to bypass warnings. A new Windows zero-day allows threat actors to ...