SecurityWeek

Chrome 140 Update Patches Sixth Zero-Day of 2025

An exploited zero-day in the V8 JavaScript engine tracked as CVE-2025-10585 was found by Google Threat Analysis Group this week.
ZDNet

Another one-line npm package breaks the JavaScript ecosystem

An update to a tiny JavaScript library has thrown a large part of the JavaScript ecosystem into chaos on Saturday, with millions of projects believed to have been impacted. Making the entire situation ...