Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...

Microsoft is speeding up the delivery of its Visual Studio Code updates. Since last summer, the company has been making ...

Every developer should be paying attention to the local-first architecture movement and what it means for JavaScript. Here’s ...

Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS ...

These heroes of open source software are hard at work behind the scenes without you even realizing it.

Native code build tools now dominate for TypeScript or JavaScript projects Vite 8.0 has been released, and it uses Rust-built Rolldown as its single bundler, replacing both esbuild and Rollup, to ...

AI-assisted code speeds development, but introduces vulnerabilities at an alarming rate. Waratek IAST reports flaws ...

TypeScript 6.0 RC represents the final major release built on the current JavaScript-based compiler. The upcoming TypeScript 7.0 will use a Go-based native implementation for enhanced speed and memory ...

Visual Studio Code 1.110 (February 2026) adds new agent extensibility, browser-driving chat tools, and expanded chat accessibility.