Critical Sandbox Vulnerability in Popular vm2 Library Allows Arbitrary Code Execution
Key Findings: A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library, tracked as CVE-2026-22709. The vulnerability carries a CVSS score of 9.8 out of 10.0, indicating its high severity. The flaw allows attackers to escape the sandbox environment and execute arbitrary code on the underlying operating system.
Background: vm2 is a Node.js library used to run untrusted code within a secure sandboxed environment. The library intercepts and prox
Jan 28 · 2 min read
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
Key Findings: CISA has added two security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:
- CVE-2009-0556: A code injection flaw in Microsoft Office PowerPoint that allows remote code execution
- CVE-2025-37164: A code injection vulnerability in HPE OneView that allows remote unauthenticated code execution
Background: CVE-2009-0556 is a memory corruption vulnerability in legacy Microsoft PowerPoint that was exploited in the wild in April 2009. It affects Powe
Jan 8 · 2 min read

