The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.

A simple coding mistake is exposing API keys across thousands of websites

A large-scale study has revealed that websites are unintentionally exposing API keys tied to services like AWS, Stripe, and OpenAI, with most leaks traced back to publicly accessible JavaScript files.
New Scientist

Security credentials inadvertently leaked on thousands of websites

Researchers identified nearly 10,000 websites where API keys could be found, exposing details that could let attackers access ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

JetBrains releases WebStorm 2026.1 with TypeScript 6 support and Wayland by default on Linux0 0

JetBrains' popular web development IDE, WebStorm, has received its 2026.1 update, bringing several improvements, including ...