The majority of the 1.4 million React2Shell exploitation attempts GreyNoise saw in a week deployed cryptominers and reverse ...
Strip the types and hotwire the HTML—and triple check your package security while you are at it. JavaScript in 2026 is just ...
In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The targeted security defect, tracked as CVE-2025-55182, impacts systems relying on ...
The React team published a fix on Dec. 3 and advises anyone using react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack to upgrade immediately. There has been a recent ...
A maximum-severity flaw in the widely used JavaScript library React and several React-based frameworks, including Next.js, allows unauthenticated, remote attackers to execute malicious code on ...
A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. The flaw is tracked as ...
What if AI-assisted development is less of a threat, and more of a jetpack? This month’s report tackles vibe coding, along with new JavaScript tools and techniques to explore in your AI-assisted free ...
A new library, React Native Godot, enables developers to embed the open-source Godot Engine for 3D graphics within a React Native application. Enterprise development teams often have to balance the ...
Chainguard, a trusted foundation for software development and deployment, is launching Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript ...
NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.