React2Shell exploitation spreads as Microsoft counts hundreds of hacked machines

Microsoft says attackers have already compromised "several hundred machines across a diverse set of organizations" via the ...
The Hacker News

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

GhostPoster malware hid inside 17 Firefox add-ons, abusing logo files to hijack links, inject tracking code, and run ad fraud ...

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more ...

Google says don’t use JavaScript to generate a noindex tag in the original page code

Google updated its JavaScript SEO basics documentation to clarify that may skip rendering and JavaScript execution.

Google Warns Noindex Can Block JavaScript From Running

Google updated its JavaScript SEO documentation to clarify that noindex tags may prevent rendering and JavaScript execution, ...
FinanceFeeds

Hackers Exploit JavaScript Library to Deploy Crypto Wallet Drainers

Hackers exploit a critical React JavaScript vulnerability, CVE-2025-55182, to deploy crypto wallet drainers on legitimate websites ...
Crypto News

Major JavaScript Library Breach Puts All Crypto Websites at Risk

React vulnerability CVE-2025-55182 exploited by crypto-drainers to execute remote code and steal funds from affected websites ...
Visual Studio Magazine

VS Code 1.107 (November 2025 Update) Expands Multi-Agent Orchestration, Model Management

Microsoft's November 2025 Visual Studio Code update (version 1.107) advances multi-agent orchestration for GitHub Copilot and ...
Infosecurity Magazine

Malware Discovered in 19 Visual Studio Code Extensions

A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in ...
CSO Online

Hundreds of Ivanti EPM systems exposed online as critical flaw patched

EPM has been targeted before. In March, CISA added three EPM vulnerabilities to its Known Exploited Vulnerabilities catalog ...
SecurityWeek

Ivanti EPM Update Patches Critical Remote Code Execution Flaw

A critical Ivanti EPM vulnerability could allow unauthenticated attackers to execute arbitrary code remotely with ...