Bleeping Computer

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...
TechRadar

An incredibly popular JavaScript library might have some worrying malware issues

CVE-2025-12735 in expr-eval allows remote code execution via unsafe input evaluation Vulnerable versions ≤2.0.2; patched in 2.0.3 and forked in expr-eval-fork 3.0.0 Developers should sanitize ...
Bleeping Computer

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...
The Hacker News

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype ...
GitHub

user-input

An interactive web application designed to track and log workouts using geolocation and map functionalities. The app allows users to add details about their activities, such as running or cycling, and ...
InfoWorld

Intro to HTMX: Dynamic HTML without JavaScript

HTMX is the HTML extension syntax that replaces JavaScript with simple markup. It could change the course of web development. HTMX lets you use an extended HTML syntax instead of JavaScript to achieve ...
InfoWorld

Using JavaScript and forms

Of all the hats JavaScript can wear, its form-processing features are among the most sought and used. Learn how to use JavaScript for form processing, validation, and more. Forms are an essential part ...