Popular JavaScript library can be hacked to allow attackers into user accounts

A popular JavaScript cryptography library is vulnerable in a way which could allow threat actors to break into user accounts.

NPM supply-chain attack compromises major ENS and crypto libraries

A researcher reported that more than 400 NPM libraries, including a cluster of ENS-linked crypto packages, were breached by ...
FinanceFeeds

Shai Hulud Malware Hits 400+ JavaScript Packages in Major NPM Supply-Chain Attack

Charlie Eriksen, a researcher at Aikido, identified the infected libraries and confirmed each detection manually to minimize ...

New Sandia Lab breakthrough could boost quantum computing

A team of Sandia National Labs scientists have found a new way to speed up downloads and quantum information transmission by ...
Crypto News

Massive NPM Supply-Chain Attack Targets ENS-Linked Libraries in Shai Hulud Breach

Shai-Hulud malware infiltrates 490 NPM packages, stealing API keys and credentials from ENS and major crypto development ...

Popular Forge library gets fix for signature verification bypass flaw

A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass ...
DATAQUEST

Anthropic buys Bun as Claude Code hits USD 1B run rate

Anthropic has made one of its biggest engineering moves yet. The company has acquired Bun, the high-speed JavaScript toolkit ...
SecurityWeek

Chrome 143 Patches High-Severity Vulnerabilities

Google promoted Chrome 143 to the stable channel with patches for 13 vulnerabilities reported by external researchers.
IFA Magazine

National Pension Tracing Day campaign mobilises 190,000 people to engage with £31 billion in lost pensions

New analysis from employee benefits consultancy Secondsight shows record numbers of people engaged with what could be ...
SecurityWeek

Chinese Hackers Exploiting React2Shell Vulnerability

Threat actors have apparently started exploiting the newly disclosed React vulnerability tracked as React2Shell and ...
CoinJournal

Shai Hulud malware hits NPM as crypto libraries face a growing security crisis

Shai Hulud malware has infected hundreds of NPM libraries, including major ENS and crypto packages, triggering a JavaScript ...

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.