SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
InfoWorld

OpenSilver 3.3 runs Blazor components inside XAML apps

New version of the open-source replacement for Microsoft Silverlight also brings support for .NET 10 and C# 14.
AdExchanger

Microsoft To Stop Caching Prebid Video Files, Leaving Publishers With A Major Ad Serving Problem

Most publishers have no idea that a major part of their video ad delivery will stop working on April 30, shortly after ...
The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

GootLoader malware is abusing malformed ZIP archives that bypass common tools like WinRAR & deliver JavaScript payloads via ...

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...
Dark Reading

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...

Fifth Third plans to open 150 new Texas branches after $10.9 billion Comerica acquisition

A $10.9 billion bank acquisition is wrapping up ahead of schedule, and the bank's CEO has laid out an aggressive expansion ...

New Android malware uses AI to click on hidden browser ads

A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

Jamf has a warning for macOS vibe coders

Just yesterday, we noted the growing threat of ransomware. Now, Jamf Threat Labs is warning that North Korean threat actors ...

Parent of Saks Fifth Avenue, Neiman Marcus files for bankruptcy

Saks Global, parent company of high-end retailers Neiman Marcus and Saks Fifth Avenue, filed for bankruptcy protection late ...
InfoWorld

TypeScript levels up with type stripping

Say goodbye to source maps and compilation delays. By treating types as whitespace, modern runtimes are unlocking a “no-build” TypeScript that keeps stack traces accurate and workflows clean.