How can we call JavaScript from Blazor?
Read more here:
https://www.devleader.ca/2023/10/13/how-to-call-javascript-from-blazor-web-assembly-breaking-boundaries-with-javascript-interop/
Does this #webdev pattern mean anything to you? Is it a #JavaScript framework's typical home page?
<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
I'm seeing many different suspicious #spam domains use this as their home page HTML.
Show HN: A code editor that integrates into the browser
https://tachicode.dev/
#ycombinator #code #editor #tachi #react #typescript #javascript
What #libre #IDE (integrated development environment for programming code) would y'all want to coalesce around using, supporting, and developing? Asking especially for coding websites and applications with #PHP, #JavaScript, #CSS, and #HTML but #Python, #Elixir, #Rust, and #Go would all be great for us @agaric too.
Control-Flow Flattening Obfuscated #JavaScript Drops #SnakeKeylogger.
The #malware uses layered obfuscation to hide execution logic and evade traditional detection. Our data shows banking is the most affected sector among our users, nearly matching all the other industries combined. As part of widespread #MaaS #phishing campaigns, Snake targets high-value industries including fintech, healthcare, and energy, making instant threat visibility and behavioral analysis essential.
Execution chain:
Obfuscated JS ScriptRunner.exe → EXE → CMD → extrac32.exe → PING delay → Snake
The attack begins with a loader using control-flow flattening (#MITRE T1027.010) to obscure its logic behind nested while-loops and string shifts.
The loader uses COM automation via WshShell3, avoiding direct #PowerShell or CMD calls and bypassing common detection rules.
Obfuscated CMD scripts include non-ASCII (Japanese) characters and environment variables like %…%, further complicating static and dynamic analysis.
Two CMD scripts are dropped into ProgramData to prepare the execution environment. This stage involves #LOLBAS abuse: legitimate DLLs are copied from SysWOW64 into “/Windows /” and Public directories. The operation is performed using extrac32.exe, a known #LOLBin, and JS script functionality. This combination helps bypass detection by imitating trusted system behavior.
Persistence is established by creating a Run registry key pointing to a .url file containing the execution path.
Snake is launched after a short delay using a PING, staggering execution.
See execution on a live system and download actionable report:
https://app.any.run/tasks/0d53bef9-c623-4c2f-9ce9-f1d3d05d21f3/?utm_source=mastodon&utm_medium=post&utm_campaign=obfuscated_js_snake&utm_term=240725&utm_content=linktoservice
Explore #ANYRUN’s threat database to proactively hunt for similar threats and techniques and improve the precision and efficiency of your organization's security response: https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=obfuscated_js_snake&utm_content=linktoservice&utm_term=240725#%7B%2522query%2522:%2522commandLine:%255C%2522extrac32*.dll*.%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=obfuscated_js_snake&utm_content=linktoservice&utm_term=240725#%7B%2522query%2522:%2522commandLine:%255C%2522%255C%255C%255C%255CWindows%2520%255C%255C%255C%255C%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=obfuscated_js_snake&utm_content=linktoservice&utm_term=240725#%7B%2522query%2522:%2522commandLine:%255C%2522ping%2520%2520127.0.0.1%2520-n%252010%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=obfuscated_js_snake&utm_content=linktoservice&utm_term=240725#%7B%2522query%2522:%2522registryKey:%255C%2522%255C%255CRun$%255C%2522%2520AND%2520registryValue:%255C%2522.url$%255C%2522%2522,%2522dateRange%2522:180%7D
#IOCs:
Gain full visibility with #ANYRUN to make faster, smarter security decisions.
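The behaviours named in the post above (extrac32.exe copying DLLs, a "Windows " directory with a trailing space, a loopback PING delay, and a Run key pointing to a .url file), written as detection rules over constructed telemetry. This is an added example, not ANY.RUN's code; the event field names, file names and escalation threshold are assumptions.

```javascript
// Added example: rule patterns mirror the behaviours named in the post.
// Event field names (type, commandLine, key, value) are assumptions, not a real EDR schema.
const RULES = [
  { id: "extrac32-dll-copy", type: "process",
    test: e => /\bextrac32(\.exe)?\b.*\.dll\b/i.test(e.commandLine) },
  { id: "mock-windows-dir", type: "process",
    // "Windows " with a trailing space, directly followed by a path separator
    test: e => /\\Windows \\/i.test(e.commandLine) },
  { id: "ping-loopback-delay", type: "process",
    test: e => /\bping(\.exe)?\s+127\.0\.0\.1\s+-n\s+\d+/i.test(e.commandLine) },
  { id: "run-key-url-file", type: "registry",
    test: e => /\\Run$/i.test(e.key) && /\.url$/i.test(e.value) },
];

// Return the ids of every rule an event matches.
function matchRules(event) {
  return RULES.filter(r => r.type === event.type && r.test(event)).map(r => r.id);
}

// A loopback ping or a Run key alone is common, so escalate only when several
// distinct behaviours co-occur (the threshold of 3 is an assumption).
function triage(events, threshold = 3) {
  const hits = new Set();
  for (const e of events) matchRules(e).forEach(id => hits.add(id));
  return { rules: [...hits].sort(), escalate: hits.size >= threshold };
}

// Constructed sample telemetry (placeholder file names, not taken from the post).
const suspiciousHost = [
  { type: "process", commandLine: 'extrac32.exe /C /Y C:\\Windows\\SysWOW64\\example.dll "C:\\Windows \\example.dll"' },
  { type: "process", commandLine: "cmd.exe /c ping  127.0.0.1 -n 10" },
  { type: "registry", key: "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    value: "C:\\Users\\Public\\example.url" },
];
const benignHost = [
  { type: "process", commandLine: "extrac32.exe /E C:\\Temp\\drivers.cab" },
  { type: "process", commandLine: "ping 8.8.8.8 -n 4" },
  { type: "registry", key: "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    value: "C:\\Program Files\\Example\\app.exe" },
];

console.log(triage(suspiciousHost));
console.log(triage(benignHost));
```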
Developers should act: Malware injected into prominent JavaScript projects - Golem.de
https://www.golem.de/news/entwickler-sollten-handeln-malware-in-prominente-javascript-projekte-eingeschleust-2507-198445.html #Cybercrime #Malware #JavaScript
TIL: A single `%` character can break a website
Was helping a friend debug her React app and discovered this fun URL fact:
The `%` symbol in URLs is special - it starts percent-encoding sequences (like `%20` for spaces). But if it's not followed by valid hex digits, browsers throw "URIError: malformed URI sequence" errors.
Wrote up the full explanation if you're curious about the technical details → https://shinglyu.com/web/2025/07/22/why-the-percent-sign-breaks-your-website-and-how-to-fix-it.html
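A defensive way to decode URL components that may contain a stray `%`, as an added example that is not from the linked write-up; the helper names `tryDecode` and `lenientDecode` are hypothetical. It also covers the case where the hex digits are valid but the bytes are not valid UTF-8, which still raises `URIError`.

```javascript
// Added example: never let attacker- or user-controlled URL text crash the page.

// Strict decode: report failure instead of throwing URIError.
function tryDecode(component) {
  try {
    return { ok: true, value: decodeURIComponent(component) };
  } catch (err) {
    if (err instanceof URIError) return { ok: false, value: component };
    throw err; // anything else is a real bug, do not swallow it
  }
}

// Lenient decode: treat a "%" that is not followed by two hex digits as a
// literal percent sign by escaping it to "%25" first, then decode strictly.
function lenientDecode(component) {
  const repaired = component.replace(/%(?![0-9A-Fa-f]{2})/g, "%25");
  return tryDecode(repaired);
}

// Constructed inputs
console.log(tryDecode("50%25%20off"));   // well-formed
console.log(tryDecode("50% off"));       // stray "%": strict decode fails
console.log(lenientDecode("50% off"));   // stray "%" kept as a literal
console.log(lenientDecode("%E0%A4"));    // valid hex, truncated UTF-8: still fails
```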
dailycoding - 20250724 / graphic
#p5js #javascript #Processing #generativeart #creativecoding #dailycoding
code : https://openprocessing.org/sketch/2694770
It is so easy to build a well structured and performant web app using nothing but vanilla #javascript, CSS and HTML that I wonder why we even use some of these frontend frameworks, bundlers or even npm for that matter. It's probably more of a life choice at this point than a serious technical choice. #softwaredevelopment
A very useful text showing examples of how to collect advanced performance statistics from the user's browser and, for example, send them to a server for analysis. It's worth informing the user about this beforehand, but such data is often a treasure.
#JavaScript #programowanie #WebDev
https://www.freecodecamp.org/news/the-front-end-monitoring-handbook/
One day, one decomposition
A001359: Lesser of twin primes
3D graph, threejs - webGL https://decompwlj.com/3Dgraph/Lesser_twin_primes.html
3D graph Gen, threejs animation https://decompwlj.com/3DgraphGen/Lesser_twin_primes.html
2D graph, first 500 terms https://decompwlj.com/2Dgraph500terms/Lesser_twin_primes.html
good night
Supply chain attack alert: A threat actor gained access to Toptal's GitHub org, making 73 repos public and injecting malicious payloads into 10+ npm packages.
Full research: https://socket.dev/blog/toptal-s-github-organization-hijacked-10-malicious-packages-published #NodeJS #JavaScript
Very nice video from #dhh about a lot of things: the history and future of programming and software engineering, the history of Ruby on Rails and the love for Ruby, the cloud and the cloud exit, JavaScript and much more.
6h of nice talks :)
Handling JavaScript Event Listeners With Parameters, by @smashingmag:
https://www.smashingmagazine.com/2025/07/handling-javascript-event-listeners-parameters/
Thinking about learning to code? #JavaScript is the perfect place to start. This article explains why this dynamic language remains a top choice for building everything from websites to server-side apps.
NPM 'accidentally' removes Stylus package, breaks builds and pipelines https://lobste.rs/s/2i7to2 #javascript #security
https://www.bleepingcomputer.com/news/security/npm-accidentally-removes-stylus-package-breaks-builds-and-pipelines/