Facebook discovered a new information-stealing malware distributed on Meta called ‘NodeStealer,’ allowing threat actors to steal browser cookies to hijack accounts on the platform, as well...
NodeBB, a Node.js platform for creating forum applications, has patched a prototype pollution vulnerability that could allow attackers to impersonate other users and take over administrator accounts. The vulnerability was...
A prototype pollution vulnerability that could lead to remote code execution (RCE) in Parse Server has been patched. An attacker could potentially trigger RCE through the...
A critical vulnerability arising from improper input validation has been addressed in XMLDOM, the JavaScript implementation of W3C DOM for Node.js, Rhino, and browsers. The flawed...
A security flaw in Parse Server that enabled brute-force guessing of sensitive user data on the API server module for Node.js and the Express WAF has...
Users of Parse Server, a popular API server module for Node/Express, are being urged to immediately apply a fix for a remote code execution (RCE) vulnerability. Discovered by security researchers...
JavaScript developers will be better equipped to prevent malicious packages from slipping into their applications thanks to a trio of tools released by JFrog, the software company claims....
The developers behind Node.js have released new versions of several release lines to address four vulnerabilities in the server-side technology. Node.js is a popular JavaScript runtime environment for...
GitHub security researchers have released details of two vulnerabilities they discovered in NPM, the Node.js package manager, one of which could allow a malicious actor to publish new...
A bug in vm2, a sandbox for testing untrusted JavaScript code, makes it possible for malicious parties to circumvent the library’s security controls and carry out remote...
Recent Comments