Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
GitHub

Windows: Rust native binary uses Unix sockets (.sock) instead of TCP, Node.js daemon crashes after first connection

The CLI entry point ( in/agent-browser.js) spawns the native Rust binary ( gent-browser-win32-x64.exe). This binary always looks for a Unix domain socket at ~/.agent ...
IEEE

Self-learning Model for Node.js-based Backend Web Programming Featuring Automatic Source Code Verification

Abstract: The significance of web applications has grown immensely due to the widespread availability of the internet and their extensive usage across various devices. Currently, Node.js emerged as ...
The Hacker News

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier ...