InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

According to IDC, 93% of organizations use open-source software, and npm remains the largest package registry in the JavaScript ecosystem. “Compromising a single popular package can immediately reach ...
Ars Technica

In 1995, a Netscape employee wrote a hack in 10 days that now runs the Internet

Thirty years ago today, Netscape Communications and Sun Microsystems issued a joint press release announcing JavaScript, an object scripting language designed for creating interactive web applications ...
financefeeds

Shai Hulud Malware Hits 400+ JavaScript Packages in Major NPM Supply-Chain Attack

What Happened in the Shai Hulud JavaScript Attack? A major JavaScript supply-chain attack has compromised more than 400 NPM packages — including at least 10 widely used across the crypto ecosystem — ...
TechCrunch

OpenAI’s new browser is a broadside shot at Google

Today, OpenAI launched its new Atlas web browser in a surprise livestream. The show started with CEO Sam Altman, speaking directly to the audience. “We think AI represents a rare, once-a-decade ...
IEEE

Hephaistos: A Data Flow Analysis Framework for Identifying Browser Fingerprinting Functions in JavaScript

Abstract: With the increasing sophistication of web technologies in recent years, browser fingerprinting techniques have emerged as a widely used mechanism for uniquely identifying users based on ...
SD Times

Chainguard launches trusted collection of verified JavaScript libraries

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
GitHub

[Package-Request] Add Brave Browser rpm package by default

I'd like to request the package brave-browser because its a completely open source browser with very capable adblock and privacy settings by default. Because of its chromium base it allows the ...
Tom's Guide

Google just fixed a major Chrome zero-day flaw — update your browser right now

For the fastest way to join Tom's Guide Club enter your email below. We'll send you a confirmation and sign you up to our newsletter to keep you updated on all the latest news. By submitting your ...
HHS

Shai Hulud Burrows Into NPM Repository

An apparent "Dune" aficionado is responsible for perpetrating the first self-propagating attack on the npm JavaScript repository in what a security company has described as being one of the most ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on ...
dlnews

Huge malware attack targeting crypto exposes DeFi’s Achilles heel

Hackers poisoned JavaScript packages with crypto-stealing malware. The large scale attack exposes a DeFi weak point. The attackers have only stolen a minimal amount so far. GM, Tim here. DeFi is ...