Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.
GitHub

Barrel file removal tool for JavaScript & TypeScript projects (ESM-only).

Barrel files are convenient, but they often come with trade-offs including: Performance and memory: they artificially inflate the module graph and slow down startup times, HMR, and CI pipelines.
MIT Technology Review

The Download: an AI agent’s hit piece, and preventing lightning

Scott Shambaugh didn’t think twice when he denied an AI agent’s request to contribute to matplotlib, a software library he ...

Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.
MIT Technology Review

The Download: The startup that says it can stop lightning, and inside OpenAI’s Pentagon deal

This is today's edition of The Download, our weekday newsletter that provides a daily dose of what's going on in the world of technology.

Forget 'debloat apps.' Sophia Script gives you real control over Windows 11. Here's how it works.

The Sophia Script is an open-source PowerShell module designed to debloat and fine-tune Windows 11 (and Windows 10). It is ...
GitHub

Extract JavaScript files from burp suite project with ease.

I am not responsible for your actions, burp-suite freezing, target getting hacked, thermonuclear war, or the current economic crisis caused by you following these directions. YOU are choosing to use ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...