The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
Cryptopolitan

Attackers trojanized Arweave’s WeaveDB npm package to deploy malware

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
TechRadar

An incredibly popular JavaScript library might have some worrying malware issues

CVE-2025-12735 in expr-eval allows remote code execution via unsafe input evaluation Vulnerable versions ≤2.0.2; patched in 2.0.3 and forked in expr-eval-fork 3.0.0 Developers should sanitize ...
InfoWorld

Better than reflection: Using method handles and variable handles in Java

Reflection was essential to the advanced Java toolkit for years. Now it's being superseded by newer, safer options. Here's how to use MethodHandle and VarHandle to gain programmatic access to methods ...
Wired

JavaScript Runs the World—Maybe Even Literally

A regular column about programming. Because if/when the machines take over, we should at least speak their language. To review: JavaScript is what makes static web pages “dynamic.” Without it, the ...
TheServerSide

The differences between Java and TypeScript devs must know

TypeScript is growing in popularity as the programming language of choice for both front-end and back-end developers. With TypeScript, developers can fully wield the power of the principles and ...