The Hacker News

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service ...
GitHub

PHP HTTP Request Handler for Node.js

With @platformatic/php-node you can run PHP applications within the same process as a Node.js application, allowing for communication between Node.js and PHP without any network connection in the ...
IEEE

Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages

Abstract: With the emergence of the Node.js ecosystem, JavaScript has become a widely used programming language for implementing server-side web applications. In this article, we present the first ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
InfoQ

Vercel’s Next.js 16: Explicit Caching, Turbopack Stability, and Improved Developer Tooling

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
WRBL

JS Link America to bring $223M plant, 520 jobs to Columbus

COLUMBUS, Ga. (WRBL) — Columbus scored a major economic development victory Wednesday morning that will create more than 520 new jobs in the city. Gov. Brian Kemp and Choose Columbus, the city’s ...
Geeky Gadgets

Create No Code Automations Using n8n Code Node

Have you ever wished you could customize your automation workflows without needing to be a coding expert? For many, the idea of writing code feels like an insurmountable barrier, but the n8n Code Node ...
Developer Tech

Node.js 24: A faster, sleeker JavaScript experience

Node.js 24 has officially arrived, and it’s bringing a rather tasty selection of improvements to the table. If you’re a developer knee-deep in web apps or wrestling with asynchronous code, this ...
The Hacker News

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first ...
SecurityWeek

Microsoft Warns of Node.js Abuse for Malware Delivery

Microsoft on Tuesday issued a warning over the increasing use of Node.js for the delivery of malware and other malicious payloads. The tech giant has been seeing such attacks aimed at its customers ...
Microsoft

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...