JavaScript devs beware: this popular NPM package has been compromised by attackers

An extremely popular NPM package used in many JavaScript projects has been compromised and can wreak havoc on your machine if ...
Bleeping Computer

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

Update: Added Wikimedia Foundation's statement below and made a correction to denote it was only the Meta-Wiki that was vandalized. The Wikimedia Foundation suffered a security incident today after a ...

Automate Excel with Office Scripts : Getting Started Guide

The Office Scripts action recorder can generate code snippets for Excel changes, but some actions still require manual ...

Oracle unveils Project Detroit for faster Java interop with JavaScript and Python

JavaOne Oracle has shipped Java 26, a short-term release, and introduced Project Detroit, which promises faster interop ...
Windows Report

Axios Hack Bypasses GitHub Protections and Installs Hidden Malware on Systems

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...
The Caledonian-Record

GetHealthy Launches Script, an AI-Enabled Platform Expanding Practitioner Commerce Beyond Supplements Across Seven Product Categories

GetHealthy, the infrastructure platform powering practitioner-led health commerce, today announced the launch of GetHealthy Script, an AI-enabled clinical scripting platform designed to help ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...

What’s inside the White House app?

According to “I Decompiled the White House’s New App,” the Android version has some odd choices for a government app that ...

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
Windows Report

Hackers Spread Malware on GitHub Using Fake VS Code Alerts

Hackers target GitHub developers with fake VS Code alerts and CVEs, using malicious links to steal data and deliver malware.