Email Threat Radar – November 2025

Over the last month, Barracuda threat analysts have seen the following notable developments in email-based threats targeting ...

3 Engineer-Approved AI Tools to Master ‘Vibe Coding’ — and 7 Steps to Use Them

"Vibe coding" appeared in early 2025 to describe the simple idea of programming with AI tools. So I tested a range of them — ...
The Caledonian-Record

Researchers try bold new approach in a race to better treat autoimmune diseases

There's a new frontier in treating autoimmune diseases. Today's treatments tamp down the friendly fire but don't fix what's causing it. Now in dozens of studies, scientists are testing ways ...
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...

An incredibly popular JavaScript library might have some worrying malware issues

A widely-adopted JavaScript library has been found carrying a critical vulnerability which could allow threat actors to ...
Techzine Europe

Critical vulnerability exposed in JavaScript library expr-eval

A critical security vulnerability in the popular JavaScript library expr-eval allows remote code execution. The bug, with a ...

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
InfoWorld

How GlassWorm wormed its way back into developers’ code — and what it says about open ...

Weeks after being declared eradicated, GlassWorm is again infesting open source extensions using the same invisible Unicode ...

GlassWorm malware returns on OpenVSX with 3 new VSCode extensions

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with ...
InfoWorld

AI makes JavaScript programming fun again

What if AI-assisted development is less of a threat, and more of a jetpack? This month’s report tackles vibe coding, along ...
The Hacker News

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...
GitHub

QJS - JavaScript in Go with QuickJS and Wazero

QJS is a CGO-Free, modern, secure JavaScript runtime for Go applications, built on the powerful QuickJS engine and Wazero WebAssembly runtime. QJS allows you to run JavaScript code safely and ...