The Hacker News

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS ...
Hacker

How to Fix the ReferenceError “__dirname is Not Defined” in Node.js ES Modules

Ankit here - 7y in frontend + backend. Full-stack dev who loves building, debugging, and sharing stories that help other engineers grow. Ankit here - 7y in frontend + backend. Full-stack dev who loves ...
ecommercefastlane

Create Your First React App From Scratch In 2025

Build faster and more maintainable web applications by using React’s reusable component structure. Set up a new React project efficiently by choosing a build tool like Create React App or the faster ...
The Hacker News

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first ...
Developer Tech

Masquerading payment npm package installs backdoor

Cybersecurity researchers at Socket have uncovered a malicious npm package that hijacks server control during payment transactions. The package, @naderabdi/merchant-advcash, masquerades as a ...
cryptonews

Lazarus Group Targeting LinkedIn Users As Part Of North Korea Crypto Hacking Scheme

The information on this website is for educational purposes only, and investing carries risks. Always do your research before investing, and be prepared for potential losses. 18+ and Gambling: Online ...
Bleeping Computer

'everything' blocks devs from removing their own npm packages

Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. The package is quite aptly named as ...