Google has released Chrome 100.0.4896.127 for Windows, Mac and Linux with fixes for two vulnerabilities, to include one zero-day (CVE-2022-1364) exploited in the wild.
Google has released Chrome 99.0.4844.84 for Windows, Mac and Linux with fixes for multiple vulnerabilities, to include one zero-day (CVE-2022-1096) exploited in the wild.
GitHub has fixed two node package manager (npm) registry vulnerabilities, one of those could allow an attacker to publish new versions of an npm package without proper authorization.
GitHub fixes 2 npm registry vulnerabilities Read More »
Embedded malware has been discovered in an NPM package ua-parser-js, a popular JavaScript library designed to detect browser, engine, OS, CPU, and device type/model from User-Agent data.
Embedded malware discovered in NPM package ua-parser-js Read More »
Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.
Attackers could have taken over an Atlassian account via one-click exploit Read More »
Attackers are using a “fileless” malware dubbed Divergent to generate revenue via click-fraud. Divergent further uses NodeJS and a WinDivert utlility to facilitate the malware attack.
Divergent “fileless” NodeJS malware used for click-fraud Read More »
