Bleeping Computer

Google fixes fourth Chrome zero-day exploited in attacks in 2026

Google released emergency updates to fix another Chrome zero-day vulnerability exploited in attacks, marking the fourth such security flaw patched since the start of the year. "Google is aware that an ...
GitHub

Remote shell for JavaScript servers.

Eval, exec, and filesystem access to any running JavaScript server over HTTP — with ECDSA public-key auth, scoped permissions, and path-jailed filesystem. Built for AI agents and curious humans!
IEEE

BCFuzz: Bytecode-Driven Fuzzing for JavaScript Engines

Abstract: The interpreter and the Just-In-Time (JIT) compiler are two core components of modern JavaScript engines, both of which take bytecodes as input. Most bugs in these components are closely ...