InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to China-based servers.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses ...

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ‘the JavaScript ecosystem deserves better.’ ...

Chrome Vulnerabilities Allow Code Execution, Browser Crashes

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.
MUO on MSN

Your browser extensions can see every password you type

Your trusted extension/add-on with over 100k review might be spying on you.
TMCnet

Anura Stops AI-Assisted SIVT Threat That Bypasses JavaScript-Based Fraud Detection Solutions

About Anura Anura.io is a trusted leader in ad fraud prevention, known for delivering high-accuracy, low-false-positive ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...
TMCnet

RenderATL 2026 to Host OpenJS Summit: Spotlighting the Future of JavaScript

Additional details for RenderATL 2026 and the OpenJS Summit, including programming themes and speaker participation, will be announced in the coming months. For more information about RenderATL, ...

Xcode 26.3 hands on: AI agent coding is astoundingly fast, smart, and too convenient

The improved AI agent access in Xcode has made vibe coding astoundingly simple for beginners, to a level where some apps can ...
Visual Studio Magazine

What a Difference a VS Code Fork Makes: Antigravity, Cursor and Windsurf Compared

VS Code forks like Cursor, Windsurf, and Google Antigravity may share a common foundation, but hands-on testing shows they ...