The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
FloorDaily.net

Mortgage Applications Rose 10.8% in Week Ending June 5

Mortgage applications increased 10.8% from one week earlier, according to data from the Mortgage Bankers Association’s (MBA) ...
InfoWorld

8 cutting-edge web development tools you don’t want to miss

Eight innovative tools that are reimagining web applications and how we build them. Welcome to the Great Unbloating.
The Caledonian-Record

Roon’s Physician Intelligence Network Launches NEJM Profile

Today, Roon, the physician intelligence network where doctors connect, share expertise, and shape the future of medicine, announced that the New England Journal of Medicine (NEJM) now has a profile ...
The Caledonian-Record

PicS N.V. Notice of August 4, 2026 Application Deadline for Class Action Lawsuit - Contact ...

NEW YORK and NEW ORLEANS, June 09, 2026 (GLOBE NEWSWIRE) -- (“KSF”) and KSF partner, former Attorney General of Louisiana, Charles C. Foti, Jr., notifies ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Wing shop files for liquor license at former LaSalsa site in Mountain View

The concept is taking over a former LaSalsa location at San Antonio Road and El Camino Real. Multiple chicken chains are ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Judgment on Quebec secularism law may land by end of November, Supreme Court chief justice says

Chief Justice Wagner broached a range of issues at annual press conference including Emergencies Act controversy ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
Tech Times

Cloudflare Buys VoidZero: Vite’s 130M Weekly Users Get a New Vendor-Neutrality Pledge

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...