All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

ReDoS vulnerabilities in npm spikes by 143% and XSS continues to grow

7y agoen

Source

SnykReDoS vulnerabilities in npm spikes by 143% and XSS continues to growsnyk.io
Snippet from the RSS feed
Regex for for a single-threaded runtime could be devastating. We’ve also detected that the npm ecosystem has seen the most XSS vulnerabilities, Maven Central and PyPI follow next.

You might also wanna read

NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times

Security researchers have discovered a major vulnerability in NPM (Node Package Manager) that allows attackers to distribute malicious packa

arstechnica.com·8mo ago

Popular npm packages debug and chalk compromised with crypto-intercepting malware

Starting September 8th, 2023, the popular npm packages "debug" and "chalk" were compromised with malicious code. These packages, which colle

aikido.dev·10mo ago

Post-mortem Analysis of @ctrl/tinycolor npm Supply Chain Attack via GitHub Actions

A detailed post-mortem analysis of a supply chain attack on the @ctrl/tinycolor npm package. The attack occurred when a malicious GitHub Act

sigh.dev·9mo ago

Security Researchers Discover Critical XSS Vulnerabilities in Mintlify Platform Affecting Major Tech Companies

A 16-year-old hacker and his friends discovered critical cross-site scripting vulnerabilities in Mintlify, an AI documentation platform used

gist.github.com·6mo ago

Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware

A sophisticated supply chain attack has compromised the popular @ctrl/tinycolor NPM package (with over 2 million weekly downloads) along wit

stepsecurity.io·9mo ago

npm's Security Measures Criticized as Insufficient Against AI-Generated Malware in JavaScript Ecosystem

The article criticizes npm's security measures, arguing that reactive solutions like 2FA cooldowns and account freezes are insufficient agai

undercodetesting.com·10d ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.