The Hacker News

LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

LeakNet uses ClickFix via compromised sites to gain access, enabling stealth attacks and scalable ransomware operations.

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
InfoWorld

Why local-first matters for JavaScript

Every developer should be paying attention to the local-first architecture movement and what it means for JavaScript. Here’s ...

New font-rendering trick hides malicious commands from AI tools

A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML.
InfoQ

Webpack Publishes 2026 Roadmap with Native CSS Support, Universal Target, and Path to Version 6

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key ...