A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

The board declared the books sexually explicit after a report by chair John Wahl.

From fine-tuning open source models to building agentic frameworks on top of them, the open source world is ripe with ...

Enterprises need to practice governance of open-source software to regain control of their software supply chains.

Memory-safety exploits account for 70 percent of vulnerabilities ...

by Kieran Klaassen in Source Code Kieran Klaassen, the general manager of Every’s AI email assistant Cora, coined the term compound engineering—the practice of using AI agents to build software ...

Kate Quinn will speak virtually with several public libraries across the Capital Region this March.

Researchers argue AI coding tools disrupt community and hinder returns to maintainers Tailwind Labs CEO Adam Wathan recently ...

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.

Keith: John, tell us a little bit about Chainguard and what you’re going to be showing us on DEMO today. John: Definitely.