Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
InfoWorld

First look: Electrobun for TypeScript-powered desktop apps

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in update mechanisms.
InfoQ

Webpack Publishes 2026 Roadmap with Native CSS Support, Universal Target, and Path to Version 6

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key features include native CSS module support, universal compilation for various ...
Bleeping Computer

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...
Security Boulevard

What Is an Exposure Assessment Platform — And Why Your Website Is the Blind Spot

In November 2025, Gartner formalized a new security category — Exposure Assessment Platforms — evaluating 20 vendors on their ability to continuously identify and prioritize The post What Is an ...
heise online

Web framework: Astro 6.0 experiments with new Rust compiler

An experimental Rust compiler is intended to replace the previous Go compiler, and the Astro dev server now supports custom runtimes. The open-source JavaScript framework Astro has reached version 6.0 ...

Bad CAPTCHA in the wild tricks Mac users into installing malware through Terminal

Hackers have a new tool called ClickFix. The new attack vector combines fake human-verification prompts with malware, trying to trick users into running Terminal commands that bypass macOS security.
InfoQ

Cloudflare Releases Experimental Next.js Alternative Built With AI Assistance

Cloudflare released vinext, an experimental Next.js reimplementation built on Vite by one engineer, with AI guidance over one ...
Thurrott

Visual Studio Code Moves to a Weekly Update Schedule

With the release of Visual Studio Code 1.111 last night, Microsoft has moved its lightweight code editor to a weekly update schedule. “Welcome to the 1.111 release of Visual Studio Code, the first of ...

This Scam Impersonates the Official Claude Code Website to Spread Malware

Scammers are using cloned versions of popular AI coding tools to spread info-stealing malware through fake installation ...

Using Google Chrome? Indian government issues high security alert for Windows and Mac users

Users of Google Chrome on Windows, Mac, and Linux are urged to update their browsers following a high-severity security ...
The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.