Cybernews

Who owns your Chrome extension? Researchers warn side projects are being turned into malware

Many Chrome extensions start as small developer projects, and once they gain users, are sold on. But what if the new owner turns out to be a bad actor who gains the ability to update software running ...
The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.
Bleeping Computer

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...

Phrase Launches Platform Innovations to Take AI from Playground to Production

New quality, context, and ecosystem capabilities provide enterprises with the tools to confidently deploy AI at scale.

Video.js v10 Delivers 81% Smaller Bundles as Four Major Player Projects Converge

Open source collective reinvents web video players, with minimal adaptive bitrate player now 38kB gzipped vs. typical ...
InfoQ

Webpack Publishes 2026 Roadmap with Native CSS Support, Universal Target, and Path to Version 6

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key features include native CSS module support, universal compilation for various ...