Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
Interesting Engineering

New robot vision system grasps glass, shiny objects without depth sensors

Robots can now grasp transparent and reflective objects using a new RGB-based vision method without depth sensors.
IEEE

CA2Det: Cascaded Adaptive Fusion Pyramid Network Based on Attention Mechanism for Small Object Detection

Abstract: How to achieve fast and accurate small object detection holds crucial theoretical and practical significance. However, this task encounters substantial challenges due to scale differences ...
IEEE

Precise String Domain for Analyzing JavaScript Arrays and Objects

Abstract: JavaScript is a scripting language that is used for creating web pages. It is widely used and a top contender in realworld usage. JavaScript has many dynamic features that makes it ...
InfoWorld

Java future calls for boosts with records, primitives, classes

Features now not included in Java releases will be added, while Java theme ambitions plan for easier use for immutable data ...