GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

Builderius WordPress Page Builder Integrates Claude AI

Builderius page builder announced an experimental AI integration that can read and apply changes directly inside the builder.
InfoWorld

WinterTC: Write once, run anywhere (for real this time)

The unified JavaScript runtime standard is an idea whose time has come. Here’s an inside look at the movement for server-side JavaScript interoperability. The WinterCG community group was recently ...
CMS Wire

Umbraco Launches Compose to Maximize Value Delivered by Composable Digital Platforms

New SaaS product standardizes data structure, ingestion and delivery and helps prepare digital experiences and e-commerce sites for agentic AI Odense, Denmark, 3 rd February 2026, Umbraco has launched ...
GitHub

acortesgit/ruby_project_manager

app/ ├── models/ # Main models (User) ├── graphql/ # GraphQL API (Types, Queries, Mutations) ├── jobs/ # Background Jobs (ActivityLoggerJob ...
InfoWorld

The JavaScript code won’t write itself

This month’s theme is: Keep an eye on the future but hone your coding craft in the now. Start here, with nine timeless JavaScript coding concepts, a look at Nitro.js—fast becoming the go-to server ...
GitHub

WhereareyouRAJ/Vendure-using-Docker-compose

Clone the repository. Navigate to the root folder: ...
Microsoft

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...