The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

Abstract: With the increasing complexity of Web application functions, JavaScript libraries are widely used to improve development efficiency and user experience. However, many applications do not ...

Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials.

For the first episode of our new series, Indians Abroad, our editor-in-chief, Kamiya Jani, met none other than Indian billionaire Mr Anil Agarwal, founder of the Vedanta Group. Being the 4th richest ...

Strip the types and hotwire the HTML—and triple check your package security while you are at it. JavaScript in 2026 is just getting started. I am loath to inform you that the first month of 2026 has ...

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating ...

A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked ...

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.