Russia-linked APT28 has exploited a high-severity XSS vulnerability in Zimbra in attacks against Ukrainian entities.

Interlock exploits CVE-2026-20131 zero-day since Jan 26, enabling root access on Cisco FMC, increasing ransomware risks.

Google patches two Chrome zero-days exploited in the wild, urging updates to version 146.0.7680.75/76 to prevent attacks.

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key ...

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder’s research team built a new secrets detection method and scanned 5 ...

Strip the types and hotwire the HTML—and triple check your package security while you are at it. JavaScript in 2026 is just getting started. I am loath to inform you that the first month of 2026 has ...

Who needs JavaScript? Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS).… Rebane demonstrated the ...

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...

The web-based App Store browser Apple introduced Tuesday had some rookie mistakes in its implementation, which has led to the front-end source code getting published on GitHub. The result is a set of ...

Life teaches us a plethora of lessons, many of which go in one ear and out the other. It’s not until we reach a certain age that we realize the importance of these concepts, some of which even turn ...

Can a 3D Minecraft implementation be done entirely in CSS and HTML, without a single line of JavaScript in sight? The answer is yes! True, this small clone is limited to playing with blocks in a world ...