The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
Indianapolis Business Journal

Indiana rejects, cancels voter registration for more than half of flagged immigrant Hoosiers

Voting rights advocates are seeking a preliminary injunction, arguing that the law unfairly forces burdens on naturalized ...

Working group formed to develop standard for AI-native docs

Its launch raises the question of what impact a new format will have on human workers, as well as on governance and ...

Banh Mi House brings Vietnamese comfort food to Minneapolis Mill District

A new Vietnamese street food restaurant will have its grand opening this week on Washington Avenue in Minneapolis.
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
InfoWorld

8 cutting-edge web development tools you don’t want to miss

Eight innovative tools that are reimagining web applications and how we build them. Welcome to the Great Unbloating.

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

How to Share a Link to a Particular Phrase

Modern browsers let you share a link that jumps straight to whatever text you wish to highlight. Here’s how the feature works ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

How a USB-connected speaker can infect a PC without ever being touched

CTP allows devices connected via Bluetooth or USB to send commands to the speaker, such as changing LED colors and equalizer ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...