Bleeping Computer

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The ...
GitHub

External JavaScript for yt-dlp supporting many runtimes

The project provides lockfiles for every supported package manager. If you only have Python and a JS runtime, then you may instead run ./hatch_build.py. This will transparently invoke one of the ...
GitHub

Embedding html5/javascript content in some ways makes it non-interactable

Unsure if this has been reported before in another context - it probably has but I don't know what exactly to look for. It's possible to click on the embed in https ...