WeLiveSecurity

FrostyNeighbor: Fresh mischief and digital shenanigans

This blogpost covers newly discovered activities attributed to FrostyNeighbor, targeting governmental organizations in Ukraine. FrostyNeighbor has been running continual cyberoperations, changing and ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...
The Hacker News

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government ...
GitHub

[Security] Unrestricted JavaScript evaluation via browser eval command #2736

Security Issue: Unrestricted JavaScript Evaluation via Browser Eval Command Description The browser eval command accepts and executes arbitrary JavaScript expressions from user input without any ...
GitHub

eval-javascript-assert-params

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...
guardian.co.tt

Paria wins two of three challenges in security contract dispute

JavaScript is disabled in your web browser or browser is too old to support JavaScript. Today almost all web pages contain JavaScript, a scripting programming language that runs on visitor's web ...