DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and ...

Every developer should be paying attention to the local-first architecture movement and what it means for JavaScript. Here’s ...

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, ...

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...

Visiting students can Apply for the summer term. For better or worse humanity is heading down the virtual rabbit hole. We’re ...

A website styled to look like a Google Account security page is distributing what Malwarebytes describes as one of ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...

Researchers with Truffle Security are warning that old and seemingly benign Google API keys might now be weaponized by threat actors after gaining Gemini AI authorization permissions, in a destructive ...

Oasis Security researchers find yet another security problem with the OpenClaw AI agent, with this one allowing malicious websites to silently take control of a developer's system and steal data.