A potentially “catastrophic” security vulnerability in Netmask, an NPM package used by more than 279,000 open source projects, has been patched after lying undiscovered for nine years. The...
The majority of the web is now protected against information disclosure exploits that leverage the HTTP referrer header after Mozilla announced a privacy-focused Firefox update. Launched yesterday (March...
Google has teamed up with the Linux community on a new project that aims to make open source software more secure through easy code signing and...
Maintainers of the NPM Registry and Python Package Index (PyPI) have removed thousands of rogue packages smuggled into the repositories via the novel ‘dependency confusion’ technique....
Claims by a respected German mathematician that the widely used RSA algorithm has been cracked by an advance in cryptanalysis have received a respectful but cautious response. One-way...
Supposedly benign behaviors exhibited by JSON parsers can introduce a variety of security risks arising from how data is interpreted across multiple parsers, security researchers have found. Of...
An upcoming upgrade to WordPress will make it much easier for website owners to upgrade from HTTP to HTTPS. WordPress 5.7 – currently available as a beta release and...
The default behavior of pip, the Python package installer, leaves the software development process vulnerable to ‘dependency confusion’ attacks, a software vendor has discovered. Use of the...
Centris, a new tool developed by a global team of researchers from Korea University and the Georgia Institute of Technology, is designed to make the reuse...
Developers of the Vue.js JavaScript framework have addressed a nasty cross-site scripting (XSS) vulnerability in the Chrome extension, but only acted after researchers went public in exposing...