Ars Technica

Client-side JavaScript file processing may come via File API

A new JavaScript API aims to facilitate limited local filesystem access in Web applications. A draft that documents the new API, authored by Mozilla’s Arun Ranganathan, has been submitted to the World ...
Bleeping Computer

Exploited Windows zero-day lets JavaScript files bypass security warnings

An update was added to the end of the article explaining that any Authenticode-signed file, including executables, can be modified to bypass warnings. A new Windows zero-day allows threat actors to ...
CSOonline

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...