A critical prototype pollution vulnerability in Blitz.js, a JavaScript online application framework, has been patched to prevent remote code execution (RCE) on Node.js servers.…
JavaScript
Attackers Look For Weak Plugins on 1.6 Million WordPress Sites
Security experts have discovered a large-scale operation that searched over 1.6 million WordPress websites for the presence of a flaky plugin that permits file…
Use-After-Free Vulnerability in Google Chrome WebGPU
A recent use-after-free vulnerability in Google Chrome’s WebGPU standard was found by Cisco Talos. Cross-platform web browser Google Chrome is built on the open-source…
Using Automated Content Security Policies, You Can Prevent Death By A Thousand Scripts
Businesses are aware that their client-side scripts must be protected. CSPs, or content security policies, are a terrific tool for achieving that. CSPs, however,…
Researchers claim SmartTub site flaws could disclose Jacuzzi consumers' data
According to a security researcher, flaws in the online interface of Jacuzzi’s SmartTub app could have allowed an attacker to view and perhaps change…
Magecart campaign sheds light on the scale of the ongoing campaign
A Magecart skimming campaign, recently discovered, was traced back to an earlier attack in November 2021. Two malware domains have been tracked for hosting…
Researchers discover Malware controlling thousands of websites in the Parrot TDS network
The Parrot traffic direction system (TDS), which was reported earlier this year, had a more profound impact than previously thought, research stated. Since February 2019,…
Several WordPress websites were attacked; visitors were redirected to corrupt websites
Cybersecurity researchers have revealed a campaign entailing the injection of malicious JavaScript code into affected WordPress websites. The affected websites redirect visitors to fake…
German companies are being targeted with malicious NPM packages
Cybersecurity researchers have found several malicious packages in the NPM registry, and these packages have been targeting big German companies to execute supply chain…
F5 Security Issues a New BIG-IP Remote Code Execution Vulnerability
F5, a cloud security and application delivery network (ADN) provider, released updates on Wednesday to fix 43 problems across its products. One issue is…