Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
The Hacker News

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

Active exploits, nation-state campaigns, fresh arrests, and critical CVEs — this week's cybersecurity recap has it all.

JavaScript devs beware: this popular NPM package has been compromised by attackers

An extremely popular NPM package used in many JavaScript projects has been compromised and can wreak havoc on your machine if ...
XDA Developers on MSN

I self-hosted my own Cloudflare Workers replacement, and it's incredibly simple

And more useful than I thought.
InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
GitHub

Mapbox MCP Server

The Mapbox MCP Server transforms any AI agent or application into a geospatially-aware system by providing seamless access to Mapbox's comprehensive location intelligence platform. With this server, ...
GitHub

Supertonic — Lightning Fast, On-Device TTS

Supertonic is a lightning-fast, on-device text-to-speech system designed for extreme performance with minimal computational overhead. Powered by ONNX Runtime, it runs entirely on your device—no cloud, ...
InfoWorld

Why local-first matters for JavaScript

The JavaScript innovation train is really picking up momentum lately, driven—as always—by the creativity of the JavaScript developer community. The emerging local-first SQL datastores crystalize ideas ...
IEEE

FedMAR: A Privacy-Preserving and Robust Server-Side Multistage Federated Learning

Abstract: In recent years, federated learning (FL) has continued to evolve with the advent of big data and the large-language model (LLM), but it has also exposed numerous security and privacy issues.