The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...
note

The Current State of the Software Supply Chain: How to Deal with Malicious Packages Increasing at a Rate of One Every 6 Minutes

One malicious package found every 6 minutes: The reality of attacks targeting the open-source ecosystem—why repositories and build systems are being targeted After reading this article, I felt that ...
The Hacker News

GitHub | Breaking Cybersecurity News | The Hacker News

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat ...

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.
note

[Important] Summary of Security and Breaking Changes in 'npm v12' Arriving in July 2026

Hello! I'm masa, a creator focused on IT education and business practice. I regularly share information via note and GitHub about restarting a career in your 30s, learning IT on low-spec PCs, and ...
GitHub

☁️ Cloudflare Web Application Firewall Rules

🔥 Part 1 - Suspicious paths & headers Blocks data leaks, suspicious referrers, malicious and unusual URL paths, as well as empty or anomalous User-Agents. Block 🧨 Part 2 - Malicious extensions & ...