Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

Moonshot's new Kimi K2.5 model can build websites from visual inputs - here's how it works

While it's not yet clear how practically useful the capability will be for individuals and businesses, the model's "coding with vision" capability makes vibe coding even vibier.