SecurityWeek

Critical N8n Sandbox Escape Could Lead to Server Compromise

A critical n8n flaw could allow attackers to use crafted expressions in workflows to execute arbitrary commands on the host.
heise online

JavaScript Sandbox vm2: Critical Vulnerability Allows Escape

vm2 is a JavaScript sandbox for Node.js. Its development was actually discontinued in 2023. Another security vulnerability has been discovered in the software, allowing an escape from the secured ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple ...