The Hacker News

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files

Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting ...

NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 ...
InfoQ中国 on MSN

Deno 2.5提供了对权限集和测试API钩子的支持

Deno,是由Ryan Dahl构建的JavaScript运行时,最近发布了2.5版本,带来了包括增加权限集(Permission Sets)、新的测试钩子和对WebSockets的改进等特性。作为发布的一部分,还有许多性能方面的改进。 Deno 2 ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...
GitHub

live-updates

SignalDB is a reactive, local-first JavaScript database designed for modern web applications. It combines signal-based reactivity with powerful local data management and real-time synchronization ...
InfoWorld

The best Java microframeworks to learn now

The Java ecosystem brings you unmatched speed and stability. Here’s our review of seven top-shelf Java microframeworks built ...
CSO Online

Google ‘Careers’ scam lands job seekers in credential traps

The phishing campaign impersonates Google’s recruiting team with fake “Book a Call” invites, using spoofed logins and HTML ...
Security Boulevard

Methodology: How we discovered over 2k high-impact vulnerabilities in apps built with vibe ...

Discover the security risks in vibe-coded applications as we uncover over 2,000 vulnerabilities, exposed secrets, and PII ...
CSO Online

North Korean threat actors turn blockchains into malware delivery servers

EtherHiding’: Nation-state and cybercriminal groups are leveraging smart contracts as command-and-control servers for ...