Javascript stories

Chainguard expands its rebuilt-from-source Libraries to Python, Java and JavaScript, targeting malware risks in AI-driven software supply chains.

Meta hands React and React Native to a new Linux Foundation-backed React Foundation, promising neutral, community-led governance.

ActiveState launches a 79m-component secure open source catalogue to centralise software supply chains and cut enterprise vulnerability risk.

Developers granting AI agents broad, unsupervised access to code and systems are creating new software supply chain and data exposure risks.

OpenSilver 3.3 lets developers embed native Blazor components in XAML apps, uniting WPF-style UI with the Blazor ecosystem.

Cloudflare snaps up the Astro web framework, vowing to keep it open source while tying it closer to its performance and developer platform.

Intruder finds over 42,000 sensitive tokens hidden in JavaScript bundles, exposing a major blind spot in modern web app security tools.

Progress launches agentic AI tools in Telerik and Kendo UI to auto-generate production-ready screens and boost developer productivity.

Socket launches a beta Ruby analysis engine to reduce false alerts by identifying truly exploitable vulnerabilities in Ruby applications.

OpenAI's AI models lead secure code generation with up to 72% pass rate, outpacing rivals who show little progress despite ongoing sector development.

Reflectiz has raised $22 million in Series B funding to expand its AI-driven web risk platform and establish a global HQ in Boston.

The Linux Foundation is launching the React Foundation to govern React and React Native, with Meta and firms like Amazon and Microsoft among its founding members.

Microsoft details how its AI-driven tools detected and blocked a sophisticated SVG phishing campaign that mimicked PDFs and used AI-generated code.

A Stack Overflow survey finds 84% of developers use AI tools, yet 46% mistrust AI output, highlighting a growing trust gap despite rising adoption.

Harness launches AI Test Automation to speed up DevOps testing, cutting test creation time by 90% and boosting automation coverage for faster releases.

A malware attack has hit 16 React Native npm packages, putting around 1 million weekly downloads at risk of Remote Access Trojan infection.

Siemens Digital Industries Software honoured leaders in digital innovation and sustainability with its Techcellence Awards, spotlighting global pioneers driving transformation.

Datadog reveals updated DevSecOps report showing Java's vulnerabilities and announces Metaplane acquisition to boost data observability and AI monitoring.

Kaspersky reveals a six-fold spike in phishing attacks via SVG image files in March 2025, targeting users with fake Google and Microsoft login pages.

ABBYY unveils Document AI API, a developer-friendly tool to convert unstructured business documents into accurate data, boosting automation in workflows.