Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
CSO Online

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

Microsoft Exchange 0-Day Exploit Sparks Emergency Warning — Hackers Are Attacking Unpatched Servers

Microsoft Exchange Servers are under threat from a zero-day vulnerability, exploited via crafted emails. With no official ...
Dark Reading

Fake Android Apps Commit Carrier Billing Fraud for Premium Services

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
FinanceFeeds

Top 10 High-paying Web3 Jobs for Rust Developers This Year

As more entities adopt Web3, companies are actively searching for Rust developers to build blockchain infrastructure, smart ...
Tech Times

LinkedIn Scans Every Chrome User’s Browser Extensions and Ties the Inventory to Their Professional Identity

Every time a professional opens LinkedIn in a Chrome-based browser today, hidden JavaScript silently probes their device for ...

Transnational investigations are being hindered by Canada’s lack of lawful access powers, CSIS says

Senior public safety official says minister is open to new ideas on controversial bill, prepared to make changes ...

Major Canadian online privacy company plans to leave country if lawful access bill passes

A Canadian company providing online privacy and security tools says it would leave the country over a federal bill that could ...