CSOonline

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and execute arbitrary code. A critical vulnerability has been patched in vm2, a ...
Bleeping Computer

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...
Windows Report

Microsoft KB5074109 Fixes False Security Alerts Triggered by WinSqlite3.dll

Microsoft KB5074109 arrives with important security improvements, but the update also resolves a long-standing issue that caused widespread false vulnerability alerts across Windows systems. The ...
InfoWorld

Why SQLite Finally Feels Modern

Want to work with SQLite databases via the same kind of workbench tools available for MySQL/MariaDB and PostgreSQL? These three projects — a desktop application, a web-based app, and a Visual Studio ...
The Hacker News

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service ...
Geeky Gadgets

From Single-Writer Limits to Multi-Writer Speed : Turso Reworked SQLite in Rust

What if the database you rely on could handle writes four times faster without sacrificing simplicity or reliability? For years, SQLite’s single-writer limitation has been both its strength and ...
GitHub

Comprehensive SQLite performance benchmarking suite testing PRAGMA settings, WAL mode optimizations, and encryption performance across multiple Node.js versions.

Insert Operations: Synchronous OFF (Unsafe) on Node.js v20.19.5 (12,735 ops/sec) Select Operations: MMAP 256MB on Node.js v22.21.1 (17,413 ops/sec) Update Operations: Incremental Vacuum on Node.js v20 ...
SecurityWeek

Google Says AI Agent Thwarted Exploitation of Critical Vulnerability

Google refused to share any details on how its Big Sleep AI foiled efforts to exploit a SQLite vulnerability in the wild. Google says its Big Sleep AI agent recently discovered a critical SQLite ...
GitHub

sqlite: abortable backup #58888

feature requestIssues that request new features to be added to Node.js.Issues that request new features to be added to Node.js. The sqlite.backup() method should accept an abort signal, which would ...
Developer Tech

Node.js 24: A faster, sleeker JavaScript experience

Node.js 24 has officially arrived, and it’s bringing a rather tasty selection of improvements to the table. If you’re a developer knee-deep in web apps or wrestling with asynchronous code, this ...
The Hacker News

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first ...