The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
Tech Times

Cloudflare Buys VoidZero: Vite’s 130M Weekly Users Get a New Vendor-Neutrality Pledge

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
InfoWorld

Google Protocol Buffers flaw turns schemas into shells

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
MUO on MSN

5 package managers that work on Windows, Mac, and Linux

If reinstalling software feels repetitive, these tools have some ideas.

Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...
MSN China on MSN

Next.js 16.2 发布:开发提速 4 倍、渲染性能优化,新增深度适配 AI ...

Vercel 近日发布 Next.js 16.2,开源 React 框架的最新版本,带来了性能提升、更好的调试体验、面向 AI 智能体的新工具,以及超过 200 项 Turbopack 相关修复与改进。 本次发布的核心亮点是速度。Vercel ...