Christian Wenz explains why the Backends for Frontends (BFF) pattern is emerging as a more secure authentication model for single-page applications.

A supply-chain attack affecting Axios, the popular JavaScript library, traced back to DPRK threat activity. (Image: Shutterstock) A supply-chain attack that compromised versions of Axios to distribute ...

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.

I'm an independent creator passionate about building useful tools, simulations, and theories that make complex ideas more accessible. I explore the intersection of technology, education, and human ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...

Critical React Server Components flaw enables remote code execution, prompting urgent crypto industry warnings as attackers exploit CVE-2025-55182 to drain wallets and deploy malware across vulnerable ...

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.