Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
InfoWorld

First look: Electrobun for TypeScript-powered desktop apps

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in ...

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
GitHub

MeridianAlgo-Developer/Javascript-Packages

MeridianAlgo is a professional-grade, high-performance quantitative finance framework for JavaScript and TypeScript. It provides institutional-quality tools for algorithmic trading, backtesting, risk ...
Yahoo Finance

Installed Building Products Announces the Acquisition of Thermo-Tech Mechanical Insulation, Inc., Biomax Spray Foam Insulation, LLC, and CKV Finished Products LLC

COLUMBUS, Ohio, February 02, 2026--(BUSINESS WIRE)--Installed Building Products, Inc. (the "Company" or "IBP") (NYSE: IBP), an industry-leading installer of insulation and complementary building ...
GitHub

MobileKit Start Kit NativePHP 1.x, Filament 4.x and Laravel 12.x

MobileKit is a robust starter kit built on Laravel 12.x, Filament 4.x and NativePHP 1.x, designed to accelerate the development of modern native desktop and mobile applications with a ready-to-use ...
ZDNet

5 Windows apps I always install first on a new PC - and they're free to download

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...