Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...

Chrome Vulnerabilities Allow Code Execution, Browser Crashes

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.

Indie web browser Ladybird flutters toward Rust with a little help from AI

Project ditches Swift and translates C++ with LLM assistance The independent Ladybird web browser project is changing course ...

Firefox 148 adds AI kill switch, fixes 50+ security flaws

PCWorld highlights that Mozilla’s Firefox 148 update addresses over 50 security vulnerabilities, including high-risk memory ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
InfoWorld

WinterTC: Write once, run anywhere (for real this time)

The unified JavaScript runtime standard is an idea whose time has come. Here’s an inside look at the movement for server-side JavaScript interoperability.

Game-changing cancer test means I met my granddaughter

When Pat Grant found out her first grandchild was on the way, her cancer diagnosis made her think: "I am never going to meet ...

Google Ships WebMCP, The Browser-Based Backbone For The Agentic Web

Google ships WebMCP protocol, letting websites expose structured functions to AI agents and reducing computational overhead ...
Security Boulevard

There’s Always Something: Secrets Detection at Engagement Scale with Titus

TL;DR: Titus is an open source secret scanner from Praetorian that detects and validates leaked credentials across source code, binary files, and HTTP traffic. It ships with 450+ detection rules and ...

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.
The Washington Post

I tested four AI browsers. Count me out.

Warning: This graphic requires JavaScript. Please enable JavaScript for the best experience. The browser wars are back — and this time they’re supercharged by ...
The Hacker News

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Researchers show AI assistants can act as stealth C2 proxies, enabling malware communication, evasion, and runtime attack ...