The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

The World Cup and the world tax – How you may accidentally become a U.S. fiscal resident

In all cases, you should be aware of the U.S. tax rules governing your presence and activities in the United States. A ...

Gogs patches critical zero-day enabling remote code execution

Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and ...
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
InfoQ

Next.js 16.2: 400% Faster Dev Startup, Faster Rendering, and Deeper Tooling for AI Agents

Vercel has released Next.js 16.2, featuring performance enhancements that make development startup 400% faster and rendering ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
Bleeping Computer

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...
Cryptopolitan on MSN

IronWorm malware plants rootkit in Arweave ecosystem npm libraries

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...

Adrian De Leon on the shame, the softness and the Scarborough that made him

The boys in Scarborough are always teaching each other what not to become. In places like these, any harmless thing can ...

Anthropic releases Mythos-class model for public use

The classifiers will trigger in less than five percent of usage sessions, Anthropic claimed, while conceding it has tuned the ...

How Canada is preparing for prediction markets, according to our financial planning reporter

Readers asked about how prediction markets functionally work, the relationship to gambling and the risks involved ...

Cloudflare Acquires VoidZero to Build the Future of the AI-Native Web

Acquisition brings Vite, the world’s leading JavaScript build tool, and its core open source team to Cloudflare Cloudflare commits $1 million to an independent Vite ecosystem fund to support open sour ...