Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Google is encouraging its database developers to lean "heavily" on AI coding tools as it ramps up contributions to open ...

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

A pull request with a Rust version of Anthropic’s Bun, a JavaScript toolkit and runtime originally written in Zig, has been ...

動画ダウンロードツールの「yt-dlp」でYouTubeの動画をダウンロードする場合は、「Deno」や「QuickJS」などのJavaScriptランタイムを導入することが強く推奨されています。これまでは「Bun」もサポート対象だったのですが、2026年5月21日にBunを非推奨とすることが発表されました。

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

CodeZineは、株式会社翔泳社が運営するソフトウェア開発者向けのWebメディアです。「デベロッパーの成長と課題解決に貢献するメディア」をコンセプトに、現場で役立つ最新情報を日々お届けします。

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...

Security researchers at Sysdig recorded the first exploitation attempt against CVE-2026-44338 — a missing-authentication flaw ...

Toronto City Council has voted against a motion asking Ontario to hold a referendum to measure support for the proposed ...