The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...

Easily Automate PDF Data Extraction with n8n and Unstruct

Process invoices and receipts automatically with n8n plus Unstruct, pulling totals, dates, and names into structured data for reporting.
The Hacker News

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. Shachar Menashe, ...
Bleeping Computer

Critical sandbox escape flaw found in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...
GitHub

agentic-layer/n8n-nodes-a2a

This is an n8n community node that provides integration with the A2A (Agent-to-Agent) protocol, enabling your n8n workflows to communicate with AI agents. n8n is a fair-code licensed workflow ...
GitHub

GitHub - nodejs/amaro: Node.js TypeScript wrapper

Amaro is a wrapper around @swc/wasm-typescript, a WebAssembly port of the SWC TypeScript parser. It's used as an internal in Node.js for Type Stripping but can also be used as a standalone package.