Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...
Windows Report

Mozilla Releases Firefox Update With Split View and Stability Fixes

Firefox 151.0.2 fixes Split View bugs, Windows crashes, caching problems, and several website rendering issues.

After cyberattacks: TanStack considers restrictions for pull requests

TanStack tightens security measures after supply chain attacks. Pull requests may soon only be possible by invitation.
Security Boulevard

Hidden Risks Behind HTTP Request Smuggling

Web applications rely on multiple layers of infrastructure to process user requests efficiently. Load balancers, reverse proxies, caching servers, and application servers all work together to improve ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
IEEE

Website Fingerprinting Through the Cache Occupancy Channel and its Real World Practicality

Abstract: Website fingerprinting attacks use statistical analysis on network traffic to compromise user privacy. The classical attack model used to evaluate website fingerprinting attacks assumes an ...
adexchanger

Microsoft To Stop Caching Prebid Video Files, Leaving Publishers With A Major Ad Serving Problem

Most publishers have no idea that a major part of their video ad delivery will stop working on April 30, shortly after Microsoft shuts down the Xandr DSP. For publishers that rely on Prebid and Google ...
TechRadar

Fake VPN checker tool lets hackers bypass antivirus protections

Attackers use fake Fortinet dialogs and social engineering to trick users into executing malware Cache smuggling hides malware in browser cache, bypassing download and PowerShell detection tools ...
GitHub

Complete memoize/cache solution for JavaScript

Originally derived from es5-ext package. Memoization is best technique to save on memory or CPU cycles when we deal with repeated operations. For detailed insight see ...
The Hacker News

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution. Patches for the first ...