The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

Meet Fabrice Bellard: The French engineer whose code powers YouTube, Netflix and TikTok, yet he has spent 30 years quietly out of the spotlight

Most people can name the founders of Apple, Microsoft, Meta or Tesla. Fabrice Bellard remains largely unknown outside ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
archive

Phase-Only Analog Encoding for a Multi-Antenna Fusion Center

Keep the news in the Wayback Machine. Sign Fight for the Future's letter. An icon used to represent a menu that can be toggled by interacting with this icon. A line drawing of the Internet Archive ...
Tech Times

SVG Phishing Emails Bypass Email Security: SANS Flags New MIME-Type Evasion

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.
GitHub

A codebase to support a pure JSON search engine requiring no backend for any XHTML5 document collection

This codebase, developed by Joey Takeda and Martin Holmes, provides a configurable, customizable tool which you can point at an XHTML5 document collection and have it generate a search page which ...