Security news aggregator

Latest coverage for JavaScript

Stay updated on JavaScript security concerns – from vulnerabilities to best practices, keep your web applications safe with our info security tag.

6 headlines in this view

JavaScript is a dynamic programming language commonly used to create interactive effects within web browsers. In the context of information security, JavaScript comes into play in various ways. Primarily, it can be both a tool for developers to enhance user experience and a vector for cyber attacks such as Cross-Site Scripting (XSS), where attackers inject malicious scripts into trusted websites.

JavaScript security concerns also include issues such as code injection, event handling, and document object model (DOM) manipulation, which can potentially expose user data or compromise the integrity of web applications. To mitigate these risks, security professionals must rigorously implement best practices such as input validation, output encoding, and the use of content security policies (CSP). Understanding JavaScript security is crucial for protecting web applications from vulnerabilities and ensuring safe user interactions.

Showing 6 most recent headlines Filtered view

The Hacker News 1 week, 2 days ago

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks

More from The Hacker News 26 May 2026, 12:02 a.m. Incident · 5 stories CVE-2026-26980 API CVE Critical Disclosure Flaw JavaScript SQL Threat Actor Unauthenticated Vulnerability

Bleeping Computer 1 week, 3 days ago

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]

More from Bleeping Computer 25 May 2026, 2:12 a.m. Incident · 5 stories CVE-2026-26980 CVE Critical Flaw JavaScript SQL Vulnerability

The Register 5 months, 4 weeks ago

Cloudflare blames Friday outage on borked fix for React2shell vuln

Security community needs to rally and share more info faster, one researcher says Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare's technology chief said his company took down its own network, forcing a widespread outage early Friday, to patch React2Shell.…

More from The Register 6 Dec 2025, 10:46 a.m. Actively exploited CVE-2025-55182 CVE Cloudflare JavaScript Library Outage Patch

The Hacker News 8 months, 2 weeks ago

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild

More from The Hacker News 18 Sep 2025, 5:49 p.m. Actively exploited CVE-2025-10585 0-Day CVE Chrome Exploit Google JavaScript Patch Vulnerability Web Browser

The Hacker News 1 year, 9 months ago

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under active exploitation in the wild

More from The Hacker News 27 Aug 2024, 4:45 p.m. Actively exploited CVE-2024-7965 CVE Chrome Flaw Google JavaScript Patch Vulnerability Warning

The Hacker News 2 years ago

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild

More from The Hacker News 15 May 2024, 1:51 a.m. Actively exploited CVE-2024-4761 0-Day CVE Chrome Flaw Google JavaScript Vulnerability Web Browser

Latest coverage for JavaScript

Refine the feed

Tag briefing

Volume over time