New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
InfoQ

Webpack Publishes 2026 Roadmap with Native CSS Support, Universal Target, and Path to Version 6

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key ...

Fake Claude Code install guides push infostealers in InstallFix attacks

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users ...

'Introducing Traxus' priority contract walkthrough in Marathon

The "Introducing: Traxus" priority contract in Marathon is, as you'll likely have figured out from the name, required to ...

WebMCP explained: Inside Chrome 146’s agent-ready web preview

WebMCP exposes structured website actions for AI agents. See how it works, why it matters, and how to test it in Chrome 146.
InfoQ

Vue Router 5: File-Based Routing Into Core with No Breaking Changes

Vue Router 5.0 has integrated unplugin-vue-router into its core, enhancing file-based routing and TypeScript support. This ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials.
BMJ

How and when to use causal and associational language

Deciding which concepts should be described in causal language and which should not Box 1 contains a short fictional dialogue demonstrating why causal research questions cannot be articulated using ...