Vercel has launched "react-best-practices," an open-source repository featuring 40+ performance optimization rules for React and Next.js apps. Tailored for AI coding agents yet valuable for developers ...

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. OpenVSX and ...

A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a QR code as part of its obfuscation strategy, ultimately aiming to steal ...

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...

QR codes that were once seen as a convenient shortcut for checking menus or paying bills have increasingly been turned into weapons. Fake delivery texts, counterfeit payment links and malicious codes ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

You have been warned — do not scan here. An “impossible” to detect smartphone threat is now surging, with a new warning that more than 4 million attacks were observed “in the first half of 2025 alone.

The FBI is warning people of a new scam involving fake packages with QR codes designed to steal data. If people scan the code on a package they were not expecting, it prompts them to provide personal ...

QR codes are popping up everywhere, and now they're being used by scammers in a new scheme. The FBI issued an alert about scammers sending packages with malicious QR codes. These codes often appear on ...