Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.
Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Just before appearing for his own Class 12 board exams, teenager and cybersecurity hobbyist Nisarga Adhikary claims he uncovered major vulnerabilities in a portal linked to CBSE’s digital evaluation ...
CBSE has not officially named the private firm that designed the On-Screen Marking (OSM) system. Procurement records show tenders were floated for scanning, stapling, and technical support services, ...
Around April 23, I knew something was up: I started getting deluged with pings about SAP's API policy changes. I don't know about you, but when I hear about changes to fine print in data access, my ...
At Google I/O 2026, Google announced enhancements to its AI agent development platform, Google Antigravity, and the availability of managed agents through the Gemini API. Google explained that its aim ...
A supply chain attack was carried out against TanStack, a set of libraries widely used in JavaScript and React development, by releasing malware-infused versions of its npm packages. According to ...