The Apache Software Foundation (ASF) has issued a new CVE identifier for a critical security flaw in Apache Tika because its original vulnerability disclosure failed to capture the full extent of ...
The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files. A critical-severity vulnerability in the Apache Tika open source analysis ...
A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. The flaw is tracked as ...
What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...
18 popular NPM packages with over 2 billion weekly downloads were compromised through a phishing attack targeting developer “Qix”. The malware functioned as a “crypto-clipper,” silently replacing ...
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer's account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who ...
NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.
A trusted developer’s NPM account was hacked, affecting JavaScript packages with over 1B downloads. Ledger CTO urges users without hardware wallets to stop onchain transactions for now. Malicious code ...
A new malicious npm package impersonating the widely used nodemailer library has been uncovered by cybersecurity researchers. The package, named “nodejs-smtp,” not only functioned as an email sender ...
Parse the string, expect the string to contain only one expression and throw otherwise. Return the parsed object.
This README is an AI-generated document. Details are mostly accurate but might include inaccurate descriptions. Browser Support: Browser compatibility is only available through the npm package. The JSR ...
The XRP Ledger Foundation has identified a “serious vulnerability” in the official JavaScript library used for interacting with the XRP Ledger blockchain network, the nonprofit said. On April 22, ...