XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?
The Hacker News

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Ohio's most prolific child porn downloader volunteered at church, school

Andrew Brown's IP address was flagged as being the most active in Ohio for downloading child pornography, court records say.
GitHub

Barrel file removal tool for JavaScript & TypeScript projects (ESM-only).

Barrel files are convenient, but they often come with trade-offs including: Performance and memory: they artificially inflate the module graph and slow down startup times, HMR, and CI pipelines.
GitHub

sawyer-shi/dify-plugins-tencent_cos

A powerful Dify plugin providing seamless integration with Tencent Cloud Object Storage (COS). Enables direct file uploads to Tencent Cloud COS and efficient file retrieval using URLs, with rich ...