Socket Threat Research has discovered a malicious NPM package named fezbox, published by a user going by janedu. Ostensibly a harmless library, the package conceals an unusually sophisticated payload: it uses a QR code...
A major incident has rocked the npm ecosystem: the widely-used package eslint-config-prettier suddenly received an update devoid of any corresponding changes on GitHub. Developers quickly grew suspicious—and with good reason. The package’s maintainer later...
Cybersecurity specialists at cside have uncovered a vast and covert cryptocurrency mining campaign that has compromised over 3,500 websites—marking the largest incident of its kind in recent years and signaling the resurgence of tactics...
Google has introduced a new security configuration on Android, tailored for users vulnerable to targeted cyberattacks. Known as Advanced Protection, this suite of features—once exclusive to individual Google Accounts—is now available at the device...
jxscout is a tool designed to help security researchers analyze and find vulnerabilities in JavaScript code. It works with your favorite proxy (Burp or Caido), capturing requests and saving optimized versions locally for easy analysis...
The leading cybersecurity agencies in the United States—CISA and the NSA—have issued a joint report urging software developers to adopt so-called memory-safe programming languages. These are technologies inherently designed to protect against critical memory-related...
