SecurityWeek

Critical Vulnerability Patched in jsPDF

A jsPDF vulnerability tracked as CVE-2025-68428 could allow attackers to read arbitrary files, exposing configurations and ...

Critical jsPDF flaw lets hackers steal secrets via generated PDFs

The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that ...
Security Boulevard

Apple’s App Store Source Map Leak: A Preventable Vulnerability We Found in 70% of ...

Apple’s App Store source map leak shows a preventable risk we found in 70% of organizations shipping production web apps.
The Hacker News

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

CERT-UA reports PLUGGYAPE malware attacks targeting Ukrainian defense forces via Signal and WhatsApp, using phishing links ...
NPR

Available to download Friday, some Epstein files no longer there Saturday afternoon

The Department of Justice started releasing files related to the life, death and criminal investigations of convicted sex offender Jeffrey Epstein Friday. Files continued to be posted on its "Epstein ...
InfoQ

Vercel Open-Sources Bash Tool for Context Retrieval Using Local Filesystems

Vercel has open-sourced bash-tool that provides a Bash execution engine for AI agents, enabling them to run filesystem-based ...

Browser extension malware infected 8.8M users in DarkSpectre attack

Browser extensions turned malicious after years of legitimate operation in DarkSpectre campaign affecting millions. The ...
Galena Gazette

Arnold & Itkin Files Lawsuit After Toxic Chemical Release at Houston Port Facility Injures ...

Houston-based personal injury law firm Arnold & Itkin has filed a lawsuit on behalf of a tankerman who suffered severe ...

Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack

Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is ...
Ecommerce Fastlane

Shopify Product Page Speed Audit in 5 Steps

Baseline checklist (15 minutes): Pick one product page that represents your typical template (not a weird one-off). Write ...
The Hacker News

New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code

VVS Stealer is a Python-based malware sold on Telegram that steals Discord tokens, browser data, and credentials using heavy ...
InfoQ

Bun Introduces Built-in Database Clients and Zero-Config Frontend Development

Bun 1.3 revolutionizes full-stack JavaScript development with unified database APIs and zero-config frontend setup. Experience enhanced performance with built-in Redis support and optimized bundling.