「Node.js」にセキュリティリリース、12件の脆弱性を修正

「Node.js」のセキュリティアップデートが、6月18日(米国時間)に実施された。今回リリースされたバージョンは、以下の通り。できるだけ早い更新が望ましい。 CVE-2026-48933 :Node.js WebCrypto AES Integer ...
The Next Web

Henrique Schmaiske and the human work behind Meteor 3.0

Meteor CTO Henrique Schmaiske led the framework's largest release in over a decade, removing Fibers and migrating to async/await across 2,300 commits while keeping 500,000+ active installations stable ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
The Hacker News

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

Researchers found 152 Chrome extensions with 105,000 installs tied to adware, data collection, and fake Google organic traffic.
Game*Spark

ブラウザだけで動作する3Dデモ『Messenger』が話題を呼ぶ。小さな ...

ブラウザだけでプレイできる、完全3Dのウォーキングシミュレーター『Messenger』が話題を呼んでいます。 ブラウザだけでこんな3D表現が!?と驚くテック界隈 本作はWebブラウザ上で3D表現を実現する"WebGL"と"Three.js"の組み合わせで制作された3Dウォーキングシミュレーターです。プレイヤーは小さな惑星を自由に歩き回り、人々から頼まれた手紙やメッセージの配達をこなすことが目的です ...
Hackaday

This Week In Security: Arch AUR, Steam Marketplace, WordPress All Face Issues, Taco-Themed ...

Starting on June 11, 2026, the Arch User Repository (AUR) was targeted by malware which rapidly compromised over 1,500 packages. The AUR repository allows for abandoned community packages to be taken ...