JavaScript Archives - Help Net Security

JavaScript

GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts

November 17, 2021

GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. About the fixed …

Trojan Source bugs may lead to extensive supply-chain attacks on source code

November 2, 2021

Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …

Popular npm package hijacked, modified to deliver cryptominers

October 26, 2021

Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. …

Skyflow Fintech Privacy Vault accelerates product development for software teams

October 9, 2021

Skyflow announced a new zero trust data privacy vault that allows software teams to build and ship next-generation financial apps and systems faster. The new Fintech Privacy …

LoginID SDK empowers developers to integrate FIDO strong authentication into their websites or apps

July 1, 2021

LoginID announced additional SDK options for developers. These SDKs empower developers to integrate FIDO strong authentication into their websites or apps. A recent PYMNTS …

Akamai’s platform security enhancements strengthen protection for web apps, APIs and user accounts

June 17, 2021

Akamai announces platform security enhancements to strengthen protection for web applications, APIs, and user accounts. Akamai’s machine learning derives insight on …

SmartBear expands API lifecycle development platform to backend Java developers

June 16, 2021

SmartBear has released a new plug-in for SwaggerHub API design to support IntelliJ IDEA, the popular Java-based integrated developer environment (IDE). API developers familiar …

Exploiting common URL redirection methods to create effective phishing attacks

May 10, 2021

“Simple” can often be harder than “complex.” When thinking about the trickiest phishing campaigns and their components, URL redirection does not immediately come to mind as …

Sentry enhances platform capabilities to improve developer workflows and productivity

May 9, 2021

Sentry announced new and enhanced platform capabilities designed to improve developer workflows and productivity by making it easier to find and resolve the issues that really …

BigID App Marketplace provides modular add-on apps for data privacy, protection, and perspective

May 5, 2021

BigID announced the release of the BigID App Marketplace, designed to provide BigID customers with modular add-on apps for data privacy, protection, and perspective – in …

Office 365 phishing campaign uses publicly hosted JavaScript code

April 8, 2021

A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted …

Trifacta expands platform to deliver a data engineering cloud

April 8, 2021

Trifacta announced a major expansion to its platform to deliver the data engineering cloud. In keeping with its mission to create radical productivity for people who work with …

JavaScript

GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts

Trojan Source bugs may lead to extensive supply-chain attacks on source code

Popular npm package hijacked, modified to deliver cryptominers

Skyflow Fintech Privacy Vault accelerates product development for software teams

LoginID SDK empowers developers to integrate FIDO strong authentication into their websites or apps

Akamai’s platform security enhancements strengthen protection for web apps, APIs and user accounts

SmartBear expands API lifecycle development platform to backend Java developers

Exploiting common URL redirection methods to create effective phishing attacks

Sentry enhances platform capabilities to improve developer workflows and productivity

BigID App Marketplace provides modular add-on apps for data privacy, protection, and perspective

Office 365 phishing campaign uses publicly hosted JavaScript code

Trifacta expands platform to deliver a data engineering cloud

Don't miss

From DDoS to bots and everything in between: Preparing for the new and improved attacker toolbox

Webcast: Why your email encryption solution is doomed

Attackers exploit another zero-day in ManageEngine software (CVE-2021-44515)

The threats of modern application architecture are closer than they appear

EU key management in 2022