GAF Materials to close north Minneapolis plant, laying off 120 workers

GAF is closing its north Minneapolis roofing plant in April, affecting about 120 workers; some may transfer to the company's ...

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

RenderATL 2026 to Host OpenJS Summit: Spotlighting the Future of JavaScript

RenderATL, the leading tech conference merging innovation, culture, and code, today announced a first-of-its-kind collaboration with the OpenJS Foundation to host a dedicated OpenJS Summit at ...

Anura Stops AI-Assisted SIVT Threat That Bypasses JavaScript-Based Fraud Detection Solutions

Anura identified and successfully mitigated a new form of Sophisticated Invalid Traffic (SIVT) that uses artificial ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...

Automated Accessibility Testing on the Web: Possibilities and Limitations

Tools can help check the accessibility of web applications – but human understanding is required in many areas.
Enterprise Times

Yottaa launches MCP server purpose-built for eCommerce performance intelligence

Yottaa have announced the launch of its Model Context Protocol (MCP) server. Yotta says this makes it the first eCommerce-focused performance vendor to ...

Health care dominates Nashville's highest-paying jobs

Health-care workers dominate a list of high-paying jobs, with top earners making more than $300,000 amid ongoing staffing ...

OpenAI spills technical details about how its AI coding agent works

On Friday, OpenAI engineer Michael Bolin published a detailed technical breakdown of how the company’s Codex CLI coding agent ...