InfoWorld

The browser is your database: Local-first comes of age

The thick client is making a comeback. Here’s how next-generation local databases like PGlite and RxDB are bringing ...

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Neymar scores milestone 2 for Santos and boosts case to be in Brazil World Cup squad

Neymar has broken into the top 10 of Santos club’s all-time leading goalscorers this week after scoring twice in a 2-1 win ...
The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...
InfoWorld

WinterTC: Write once, run anywhere (for real this time)

The unified JavaScript runtime standard is an idea whose time has come. Here’s an inside look at the movement for server-side JavaScript interoperability.
The Hacker News

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and ...

LibreOffice Online dragged out of the attic, dusted off for another go

Browser-based version back on the menu, reopening questions about TDF's relationship with Collabora The Document Foundation ...
SecurityWeek

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data theft.
Microsoft

Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agents execute code with durable credentials and process untrusted input. This creates dual supply chain risk, ...
KWWL

Family of KU student killed in hit-and-run incident files lawsuit against suspect, DoorDash

KANSAS CITY, Missouri (KSHB) -- The parents of KU student Elsa McGrain, who died in a hit-and-run crash in 2025, have filed a wrongful death lawsuit against the suspect and the delivery platform he ...