AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
InfoQ

Webpack Publishes 2026 Roadmap with Native CSS Support, Universal Target, and Path to Version 6

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key ...

Google GWS CLI Brings Full Workspace Access to AI Agents

Google Workspace CLI adds cross-app command control with pre-built skills; setup needs Google Cloud APIs and an OAuth client in one project.