This 30-Year-Old Code Keeps the Internet Running

JavaScript turns 30–and looks back on an astonishing history. What began as a hastily built prototype now dominates almost ...

Open-source toolkit: AI company Anthropic acquires Bun

AI company Anthropic has acquired the open-source JavaScript toolkit Bun, which it uses for the infrastructure of Claude Code ...
InfoWorld

Microsoft steers native port of TypeScript to early 2026 release

TypeScript 7.0, which implements the language service and compiler in Go, promises to improve performance, memory usage, and ...
InfoWorld

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert.

Cloudflare blames Friday outage on borked fix for React2shell vuln

Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, ...
Dark Reading

React2Shell Vulnerability Under Attack From China-Nexus Groups

A maximum-severity vulnerability affecting the React JavaScript library is under attack by Chinese-nexus actors, further ...
HealthcareInfoSecurity

Chinese Nation-State Groups Tied to 'React2Shell' Targeting

Warnings continue to mount over a critical vulnerability in the widely used web application framework React, with threat ...
CSOonline

North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes

North Korea-linked Contagious Interview campaign is now luring developers with trojanized coding tasks and pulling obfuscated payloads from public JSON-storage services like JSON Keeper, JSONSilo, and ...

Google Antigravity vibe-codes user's entire drive out of existence

In what appears to be the latest example of a troubling trend of "vibe coding" software development tools behaving badly, a ...
Dark Reading

'ShadyPanda' Hackers Weaponize Millions of Browsers

The China-based cyber-threat group has been using malicious extensions on the Google Chrome and Microsoft Edge marketplaces ...

This week in AI updates: Anthropic acquires Bun, GPT-5.1-Codex-Max added to API, and more (December 5, 2025)This week in AI updates: Anthropic acquires Bun, GPT …

Bun is a JavaScript, TypeScript, and JSX toolkit, and Anthropic plans to incorporate it into Claude Code to improve ...
Security Boulevard

ShadyPanda Takes its Time to Weaponize Legitimate Extensions

ShadyPanda spent seven years uploading trusted Chrome and Edge extensions, later weaponizing them for tracking, hijacking, and remote code execution. Learn how the campaign unfolded.