Help Net Security newsletters: Latest news, cybersecurity jobs, open source – subscribe here!

Please turn on your JavaScript for this page to function normally.
npm
Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups

A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups …

npm
Flood of malicious packages results in NPM registry DoS

Attackers are exploiting the good reputation and “openness” of the popular public JavaScript software registry NPM to deliver malware and scams, but are also …

vm2 vunerability
Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)

Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires …

Hand
LogoKit update: The phishing kit leveraging open redirect vulnerabilities

Resecurity identified threat actors leveraging open redirect vulnerabilities in online services and apps to bypass spam filters to ultimately deliver phishing content. Using …

npm
New npm flaws let attackers better target packages for account takeover

In this video for Help Net Security, Yakir Kadkoda, Lead Security Researcher, and Assaf Morag, Lead Data Analyst at Aqua Security, talk about new npm flaws that allow …

Vitaliy Lim
JavaScript security: The importance of prioritizing the client side

In this interview with Help Net Security, Vitaliy Lim, CTO at Feroot, talks about the most common JavaScript threats, the devastating impact of malicious or vulnerable code, …

code
Take a walk on the client side: The importance of front-end JavaScript security assessments

As e-skimming, Magecart, and other types of front-end attacks grow in frequency and severity, businesses are faced with finding ways to protect the front-end (i.e., client …

npm
How threat actors are using npm to launch attacks

WhiteSource released a threat report based on malicious activity found in npm, the most popular JavaScript package manager used by developers worldwide. The report is based on …

npm
GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts

GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. About the fixed …

Hand
Trojan Source bugs may lead to extensive supply-chain attacks on source code

Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …

UA-Parser-js
Popular npm package hijacked, modified to deliver cryptominers

Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. …

Software
Skyflow Fintech Privacy Vault accelerates product development for software teams

Skyflow announced a new zero trust data privacy vault that allows software teams to build and ship next-generation financial apps and systems faster. The new Fintech Privacy …

Don't miss

Cybersecurity news