Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
GitHub

Builder for creating distributable JavaScript files from source. Concatenate, wrap, uglify.

Create a file with your build script (see the example in 'Usage' below), call it something like build.js and then run it with: Create a new Builder instance. Takes the starting directory as the first ...
Microsoft

Fixing the script: Journey to reduce XSS exposure

Cross‑site scripting (XSS) remains one of the most frequently reported web vulnerabilities—not because developers are unaware of it, but because many deployed mitigations address symptoms rather than ...
The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...
GitHub

catn8 is a file concatenation and tool which currently also supports minification of JavaScript (using uglify-js) and CSS (using clean-css).

point catn8 at your top level projects directory and let it automatically concatenate – and minify – your source files whenever a change is made. catn8 uses node's file watcher to listen to changes to ...
WeLiveSecurity

Turla’s watering hole campaign: An updated Firefox extension abusing Instagram

Update, 21 June 2017: Due to our misunderstanding of communications with Google, the Firefox extension’s infection vector discussed below was wrongly described here on 06 June 2017; this is now ...