Bleeping Computer

JavaScript Packages Caught Stealing Environment Variables

On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects.
ZDNet

JavaScript Template Attacks expose new browser fingerprinting vectors

Academics have come up with a new technique that leaks data about users' browsers; enough to defeat anti-fingerprinting systems and privacy-preserving browser extensions to provide ways to identify ...