javascript security

CVE-2026-33672 is a medium-severity vulnerability in the JavaScript glob-matching library Picomatch, disclosed in late March 2026 and tracked by Microsoft’s Security Update Guide, that can let crafted POSIX character-class patterns produce incorrect filename matches in affected application...

Microsoft’s CVE-2026-33750 entry describes a denial-of-service flaw in the brace-expansion package where a zero-step sequence can drive the process into a hang and memory exhaustion state. The impact language is unambiguous: an attacker can deny availability to the affected component, and in...

A fast-moving, self‑replicating supply‑chain worm has infiltrated the npm ecosystem, harvesting developer credentials and using stolen tokens to republish trojanized packages that in turn spread the infection — a campaign now tracked as “Shai‑Hulud” that security teams and national agencies warn...

In the rapidly evolving landscape of web browsers, security remains an ever-present concern for both users and developers. The recent disclosure of CVE-2025-5959—a Type Confusion vulnerability identified in V8, the JavaScript and WebAssembly engine used by Chromium-based browsers—highlights both...