cryptopolitan

Attackers trojanized Arweave’s WeaveDB npm package to deploy malware

A Rust infostealer called IronWorm hid in 36 npm packages from the Arweave ecosystem. The malware self-replicated and then pushed backdated malicious commits across nine organizations. Developers who ...

Getting started

This guide will cover the basics of installing the Glow JavaScript library, and a few simple examples of using Glow to get you started. We are assuming you have at least a working knowledge of ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
TechRadar

An incredibly popular JavaScript library might have some worrying malware issues

CVE-2025-12735 in expr-eval allows remote code execution via unsafe input evaluation Vulnerable versions ≤2.0.2; patched in 2.0.3 and forked in expr-eval-fork 3.0.0 Developers should sanitize ...
InfoWorld

10 things developers love about JavaScript – and 10 things they don’t

Over three decades of development, JavaScript has grown faster, sleeker, more capable, and much more complex. That’s good and bad. It was 30 years ago today, Sgt. JavaScript taught the web to play.
InfoWorld

Better than reflection: Using method handles and variable handles in Java

Reflection was essential to the advanced Java toolkit for years. Now it's being superseded by newer, safer options. Here's how to use MethodHandle and VarHandle to gain programmatic access to methods ...
WeLiveSecurity

Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries

Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and ...