SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Infosecurity-magazine.com

Rogue Javascript Integrations Permit Attacking Opportunities

Analysis of the Alexa top 1000 websites has revealed a troubling lack of security controls required to prevent data theft and loss through client-side attacks. According to research from Tala Security ...
ZDNet

More than 75% of all vulnerabilities reside in indirect dependencies

The vast majority of security vulnerabilities in open-source projects reside in indirect dependencies rather than directly and first-hand loaded components. "Aggregating the numbers from all ...
Dark Reading

Coding Tips to Sidestep JavaScript Vulnerabilities

The Internet was all about gray backgrounds and dull text boxes in the '90s. But JavaScript changed that, allowing us to enjoy dynamic text, interactive websites, and clickable elements without ...
Business Wire

Halo Security Now Detects API Keys and Secrets Exposed in JavaScript

SAN FRANCISCO--(BUSINESS WIRE)--Web properties are increasingly relying on third-party JavaScript to increase functionality, but this can also bring inherent risks. A report from Source Defense, which ...
Dark Reading

JavaScript Packing Found in More Than 25% of Malicious Sites

JavaScript obfuscation continues to be a favored method among cyberattackers for sneaking past defenses to deliver a broad range of payloads. However, even a good method for flagging the presence of ...