July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.
Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
Red Hat hit by npm supply-chain attack - here's how to stay safe ...
Socket says a campaign of malicious packages is aiming to steal crypto and is injecting hidden instructions that hijack popular AI coding assistants. An active supply chain attack is targeting crypto ...
Abstract: Prototype pollution is a type of recently-discovered, impactful vulnerability that affects JavaScript code. One important yet challenging research problem of prototype pollution is how to ...
The vm2 sandbox of the open-source JavaScript runtime environment Node.js just can't escape the headlines, and the developers are now closing further “critical” security vulnerabilities. Once again, ...
A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies. Attackers too are looking to cash ...
Node.js has been around since 2009, and yet in 2026 it remains one of the most widely deployed backend runtimes on the planet. That's not inertia — it's earned relevance. Here's why developers and ...
A recent attack on the widely used JavaScript library Axios has exposed developers to a serious supply chain breach. The incident involved malicious packages that stayed live for hours and silently ...