AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
InfoWorld

Why local-first matters for JavaScript

Every developer should be paying attention to the local-first architecture movement and what it means for JavaScript. Here’s ...

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.
InfoQ

Webpack Publishes 2026 Roadmap with Native CSS Support, Universal Target, and Path to Version 6

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key ...

Loading Content With JavaScript Does Not Make It Harder For Google Search

Google has removed a whole section from its JavaScript SEO documentation because it was outdated and Google says loading content with JavaScript does not make it hard for Google Search.

Browser engine Servo 0.0.5 released with post-quantum cryptography

The Rust-based browser engine Servo 0.0.5 supports quantum-safe algorithms and improves form controls, performance, and stability.