Javascript stories

Perforce report says ageing PHP talent pool and rising stack complexity are making it harder for companies to hire and keep experienced developers.

Google says the axios npm supply chain attack was linked to suspected North Korean actor UNC1069, raising fears for Australian and New Zealand firms.

Google has launched Antigravity, a full-stack coding agent in AI Studio that turns text prompts into collaborative, production-ready web apps.

Malicious fake Windsurf IDE extension hid JavaScript, abused Solana to fetch payloads, and stole developers' browser credentials and tokens.

Ransomware group LeakNet adopts ClickFix lures and a Deno-based fileless loader to scale attacks and evade traditional endpoint defences.

Okta and partners pull rogue ShieldGuard Chrome extension that stole crypto wallet data and bypassed browser defences via custom code.

Chainguard expands its rebuilt-from-source Libraries to Python, Java and JavaScript, targeting malware risks in AI-driven software supply chains.

Meta hands React and React Native to a new Linux Foundation-backed React Foundation, promising neutral, community-led governance.

ActiveState launches a 79m-component secure open source catalogue to centralise software supply chains and cut enterprise vulnerability risk.

MODLR has added a Visual Scripting Engine to its CPM platform, letting finance and operations teams build no-code data workflows.

Developers granting AI agents broad, unsupervised access to code and systems are creating new software supply chain and data exposure risks.

OpenSilver 3.3 lets developers embed native Blazor components in XAML apps, uniting WPF-style UI with the Blazor ecosystem.

Cloudflare snaps up the Astro web framework, vowing to keep it open source while tying it closer to its performance and developer platform.

WiseTech pledges AUD $8.7 million to keep Grok Academy's coding platform free for every school and student in Australia and New Zealand.

Intruder finds over 42,000 sensitive tokens hidden in JavaScript bundles, exposing a major blind spot in modern web app security tools.

Progress launches agentic AI tools in Telerik and Kendo UI to auto-generate production-ready screens and boost developer productivity.

Socket launches a beta Ruby analysis engine to reduce false alerts by identifying truly exploitable vulnerabilities in Ruby applications.

OpenAI's AI models lead secure code generation with up to 72% pass rate, outpacing rivals who show little progress despite ongoing sector development.

Reflectiz has raised $22 million in Series B funding to expand its AI-driven web risk platform and establish a global HQ in Boston.

Over 2 million Australian developers boosted productivity and innovation, embracing AI tools like GitHub Copilot amid record growth on GitHub in 2025.