The Hacker News

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial ...

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
The Hacker News

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...
InfoWorld

AI makes JavaScript programming fun again

What if AI-assisted development is less of a threat, and more of a jetpack? This month’s report tackles vibe coding, along ...

Oracle“锁”住JavaScript? Deno公司诉讼维权,JS商标之争再起波澜

近日,关于 Java 商标权的争议再次引发行业关注。 尽管 Java 作为世界上最流行的编程语言之一,其商标却长期被 Oracle 掌控,这不仅引发了社区的广泛讨论,也促使 Deno 公司采取法律行动,试图挑战 Oracle 对 Java 商标的独占权。 这场持续发酵的商标之争,不仅关乎技术社区的自由发展,也映射出知识产权在技术领域中的复杂博弈。
Fireship on MSN

How Fresh changes the way Deno powers modern websites

The Fresh framework, built on Deno, is redefining how developers create fast, secure, and lightweight web applications.
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here ...

Recently, security researchers Socket found 10 packages on npm targeting software developers, specifically those who use the ...
腾讯网

恶意MCP服务器可劫持Cursor内置浏览器

网络安全公司 Knostic.ai 研究人员在提交给 CSO 的报告中指出:"我们演示了单个恶意 MCP 服务器如何将 Cursor 内部浏览器中的登录页面替换为攻击者控制的钓鱼页面,窃取凭证并发送至远程攻击者。该技术还能完全攻陷受害者工作站。" ...