CISA confirms active exploitation of four enterprise software bugs

The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities ...

New Android malware uses AI to click on hidden browser ads

A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact ...
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.

Malware scam: Job offers trick developers with malicious repositories

Developers now need to be careful with job offers. Criminals are trying to distribute infostealers through them.
InfoQ

Vercel Open-Sources Bash Tool for Context Retrieval Using Local Filesystems

Vercel has open-sourced bash-tool that provides a Bash execution engine for AI agents, enabling them to run filesystem-based ...

Node.js: Updated versions patch high-risk security vulnerabilities

Several security vulnerabilities, some classified as high-risk, have been discovered in the popular JavaScript runtime ...
InfoQ

Microsoft Share Update on TypeScript 7

Microsoft's TypeScript 7, codenamed Project Corsa, transforms the compiler with a complete rewrite in Go, achieving up to 10x ...
TechSpot

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...
blockonomi

JavaScript Libraries with 2 Billion Weekly Downloads Targeted in Crypto Theft Attempt

18 popular NPM packages with over 2 billion weekly downloads were compromised through a phishing attack targeting developer “Qix” The malware functioned as a “crypto-clipper,” silently replacing ...
cryptonews

“Avoid On-Chain Transactions”: Ledger CTO Issues Urgent Warning After JavaScript Attack

A large-scale supply chain attack on the JavaScript ecosystem has prompted an urgent warning from Ledger’s chief technology officer, Charles Guillemet, who advised users without hardware wallets to ...