Fortinet warns Stealit malware uses Node.js SEA and fake installers to deliver stealers, RATs, and persistence.

流行的JavaScript包Happy DOM曝出严重安全漏洞，该漏洞可使攻击者逃逸Node.js虚拟机（VM）上下文并在主机系统上执行任意代码。该漏洞被追踪为CVE-2025-61927，CVSSv4评分为9.4。

A：Bun 1.3版本新增了支持热重载的全栈开发服务器、支持PostgreSQL/MySQL/SQLite的SQL API、Redis支持、增强路由、跨平台编译、安全扫描器API以及隔离安装功能，还优化了垃圾收集器，实现了空闲CPU时间减少100倍。

Version 1.3 of the Bun JavaScript runtime and toolkit has landed, pushing forward the project's goal to consolidate ...

Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...

做前端，跟上 JS 的最新进展是饭碗。第一次看到 ES2025 的一批提案级“语法糖”，我是真被惊到——没想到 JS 还能这么写。它们不仅让代码更干净优雅，也能显著提升开发效率。

CERT-In has issued a high-severity warning over a major npm ecosystem compromise named ‘Shai-Hulud,’ targeting credentials linked to Google Cloud, AWS, Microsoft Azure, and developer accounts.

A LinkedIn post by Zoho engineer Alim, originally shared four years ago, has gone viral for its powerful story of ...

Codex gives software developers a first-rate coding agent in their terminal and their IDE, along with the ability to delegate ...

The “Failed to retrieve version” error in Garena Free Fire occurs when the game client can’t sync its local version with the ...

Zero Day Initiative（ZDI）近日披露了开源压缩工具 7-Zip 中两处高危漏洞的技术细节，攻击者可诱骗用户打开特制 ZIP 文件实现任意代码执行。目前这两个漏洞已在 7-Zip 25.00 版本中完成修复。

The boom years of tech hiring may have cooled, but the paychecks haven’t. Top software roles still draw six-figure salaries, ...