Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.

Google’s Angular team has open-sourced a tool that evaluates the quality of web code generated by LLMs. It works with any web ...

In recent years, the use of malware embedded in Adobe Acrobat PDF plugins has become an increasingly sophisticated threat to cybersecurity. As PDFs are a widely used format for document sharing, they ...

JavaScript is a sprawling and ever-changing behemoth, and may be the single-most connective piece of web technology. From AI ...

ComicForm phishing since April 2025 targets Belarus, Kazakhstan, Russia using Formbook malware, evading Microsoft Defender.

A computer scientist used only “pure SQL” to construct a multiplayer DOOM-like game. The resulting first-person shooter game, ...

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

RevengeHotels used AI-generated phishing scripts to deploy Venom RAT in Brazil hotels in 2025, stealing travelers’ credit ...

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...