Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.
The Hacker News

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.
Bleeping Computer

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...
Hoodline

San Antonio AI Researchers Sound Alarm On Phantom Package Trap

UTSA: ~20% of AI-suggested packages don't exist. Slopsquatting could let attackers slip malicious libs into projects.
InfoWorld

First look: Electrobun for TypeScript-powered desktop apps

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in update mechanisms. Ever since Electron’s first release, developers have ...

India's cyber security agency has issued security alert for Google Chrome browser: Check if you are affected and how to fix it

CERT-In has issued a high-severity warning for Google Chrome users, citing vulnerabilities that could allow remote code execution. The advisory urges users to update their browser to the latest ...

Marketeam.ai Redefines Chat Interface: Agents Now Architect and Compile Custom JavaScript UI in Real-Time

Marketeam.ai is building the first Integrated Marketing Environment (IME) - think of it like an IDE for marketing, but proactive. Instead of fragmented tools and dashboards, it runs marketing as a ...
Visual Studio Magazine

TypeScript 6.0 RC Bridges to Go-Based Future

TypeScript 6.0 RC represents the final major release built on the current JavaScript-based compiler. The upcoming TypeScript 7.0 will use a Go-based native implementation for enhanced speed and memory ...

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC ...
SecurityWeek

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data theft.

Leaked government-grade iPhone hacking tools now used to steal crypto and data from users

According to new technical analyses from Google and mobile security firm iVerify, Coruna's technical core comprises five complete exploit chains and 23 distinct iOS vulnerabilities that ...

Bad CAPTCHA in the wild tricks Mac users into installing malware through Terminal

Hackers have a new tool called ClickFix. The new attack vector combines fake human-verification prompts with malware, trying to trick users into running Terminal commands that bypass macOS security.