The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Picking a JavaScript framework in 2026 is not the casual decision it was a decade ago. The framework you choose today will ...

Go’s are joining America’s audio canon. The National Recording Registry at the Library of Congress on Thursday announced the ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies.

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...

Meta has released React Native 0.85. Developers can use a new animation backend and get new features in the DevTools. Node.js versions that have reached their end-of-life date, as well as Node.js ...

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...

A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on ...

Two IP addresses accounted for the majority of the 1.4 million exploitation attempts observed over the past week. React2Shell exploitation activity remains strong, with over 1.4 million attempts ...

In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The targeted security defect, tracked as CVE-2025-55182, impacts systems relying on ...