Chrome 149.0.7827.102/103 is up to date on Windows and Mac

Update Chrome: Google patches actively exploited vulnerability and 73 others

Google's latest Chrome update fixes 74 security vulnerabilities, including one under active attack ...

Axios Front-End Library npm Supply Chain Poisoning Alert

Overview: On March 31, NSFOCUS CERT detected a supply chain poisoning of the npm repository of the HTTP client library Axios. The attacker bypassed the normal GitHub Actions CI/CD pipeline ...

Revived CryptoJS library is a crypto stealer in disguise

An illicit npm package called 'crypto-encrypt-ts' may appear to revive the unmaintained but vastly popular CryptoJS library, but what it actually does is peek into your crypto wallet and exfiltrate your secrets ...

Polyfill.io supply chain attack hits 100,000+ websites — all you need to know

In a significant supply chain attack, over 100,000 websites using Polyfill[.]io, a popular JavaScript CDN service, were compromised ...

Web Injection Campaign Targets 40 Banks, 50,000 Users

IBM, JavaScript, Malware, web injection
Dozens of banks around the world are in the crosshairs of a threat group using JavaScript web injections to steal users’ bank account credentials. The campaign, which the hackers have been preparing ...
Security Boulevard

Silent Skimmer: The Rising Threat in Card-Skimming Attacks

A notorious Chinese-speaking threat actor, known for skimming credit card numbers off e-commerce sites and point-of-sale service providers across Asia/Pacific, has expanded its target scope to North and Latin America. The post ...

Foliage 2023

The days are getting shorter and when we were visiting Down East Maine the other week, there was just a hint of some trees starting to change up their leaf palettes. It ...

Keeping Track Of URLs Shared On Bluesky

JavaScript, Observable, SQL
While the future of Bluesky is nowhere near certain, it is most certainly growing. It’s also the largest community of users for the AT Protocol. Folks are using Bluesky much the same ...

JavaScript: A Taxing Situation

An authorized IRS eFile website is the latest victim of a JavaScript attack. eFile.com has become the victim of an attack which originated in a previously innocent JavaScript file. The JavaScript file, ...