CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not ...

Top 5 Companies to Hire Node.js Developers: An Expert Guide for 2026

Finding the right talent in the tech industry is rarely a simple task, but sourcing high-quality Node.js developers can feel ...
腾讯网

利用零宽度字符的隐形JavaScript混淆工具InvisibleJS浮出水面

InvisibleJS是一款利用不可见零宽度Unicode字符隐藏JavaScript代码的新型开源工具,其潜在恶意用途已引发安全警报。该工具由开发者oscarmine托管在GitHub上,采用隐写术技术将源代码嵌入看似空白的文件中。 工作原理 ...
InfoWorld

Back to the future: The most popular JavaScript stories and themes of 2025

The key themes that defined the year behind us will also shape the one ahead. The most-read articles of 2025 tracked a return ...

Critical jsPDF flaw lets hackers steal secrets via generated PDFs

The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that ...
FinanceFeeds

Jest “Crypto Is Not Defined” Error: Why It Happens and How to Fix It

Uncover the reasons behind the "crypto is not defined" error in Jest testing environments, explore its common causes in Node.js and jsdom setups ...
SecurityWeek

Critical Vulnerability Patched in jsPDF

A jsPDF vulnerability tracked as CVE-2025-68428 could allow attackers to read arbitrary files, exposing configurations and ...

已修复:周下载 350 万次的 jsPDF 库曝 9.2 分漏洞,可经由 PDF 窃取敏感 ...

IT之家 1 月 8 日消息,科技媒体 bleepingcomputer 昨日(1 月 7 日)发布博文,报道称广泛使用的 JavaScript PDF 生成库 jsPDF 近期报告严重安全漏洞(CVE-2025-68428), CVSS 评分高达 ...
腾讯网

周下载350万次的jsPDF库曝 9.2 分漏洞,可经由 PDF 窃取敏感数据

IT之家 1 月 8 日消息,科技媒体 bleepingcomputer 昨日(1 月 7 日)发布博文,报道称广泛使用的 JavaScript PDF 生成库 jsPDF 近期报告严重安全漏洞(CVE-2025-68428),CVSS 评分高达 9 ...

AI终于能“动手”了!Vercel发布Agent Browser,让大模型直接操控网页

AI Agent的能力边界正在被彻底打破。近日,前端开发平台Vercel正式推出Agent Browser——一款专为AI代理设计的浏览器自动化命令行工具(CLI),首次赋予大模型“不仅看得懂网页,还能亲手操作”的能力。这意味着,未来的AI将不再局限于分析与回答,而是能像人类一样点击、填写、提交甚至完成整套在线任务。