Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-06 22:00 PDT
- vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
The Hacker News • 2026-05-06 21:15 • thehackernews.com
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems.
vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host
https://thehackernews.com/2026/05/vm2-nodejs-library-vulnerabilities.html - ISC Stormcast For Thursday, May 7th, 2026 https://isc.sans.edu/podcastdetail/9922, (Thu, May 7th)
SANS ISC Diary (full) • 2026-05-06 19:00 • isc.sans.edu
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
https://isc.sans.edu/diary/rss/32964 - An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
SANS ISC Diary (full) • 2026-05-06 18:08 • isc.sans.edu[This is a Guest Diary by Eric Roldan, an ISC intern as part of the SANS.edu BACS program]
- Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired
Graham Cluley • 2026-05-06 16:30 • grahamcluley.com
Meta’s smart glasses promise privacy “designed for you” – but everything they record was being beamed off to workers in Nairobi to label by hand. When those workers blew the whistle, Meta sacked all 1,108 of them.Meanwhile, the IT press is in a frenzy over a new Linux bug called “Copy Fail” – complete with logo, dedicated website, and a marketing-friendly name. But is it really the disaster everyone’s making it out to be?
And in our featured interview, Jake Moore of ESET explains how he tricked a company into offering his deepfake clone a job – after a perfectly normal-looking video inte…
https://grahamcluley.com/smashing-security-podcast-466/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
