The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
InfoWorld

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Google accidentally exposed details of unfixed Chromium flaw

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background ...
Wired

JavaScript Runs the World—Maybe Even Literally

A regular column about programming. Because if/when the machines take over, we should at least speak their language. To review: JavaScript is what makes static web pages “dynamic.” Without it, the ...