From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
Bleeping Computer

Signed software abused to deploy antivirus-killing scripts

A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and ...
GitHub

A tsdown plugin that automatically injects CSS imports into JS chunks.

Automatically injects CSS import statements at the top of each JS chunk during library bundling, ensuring CSS is loaded alongside JS.