Google has released Chrome 100.0.4896.127 for Windows, Mac and Linux with fixes for two vulnerabilities, to include one zero-day (CVE-2022-1364) exploited in the wild.
GitHub has fixed two node package manager (npm) registry vulnerabilities, one of those could allow an attacker to publish new versions of an npm package without proper authorization.
Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.
Attackers are using a “fileless” malware dubbed Divergent to generate revenue via click-fraud. Divergent further uses NodeJS and a WinDivert utlility to facilitate the malware attack.