Javascript

NewsSecurity NewsSecurity Vulnerabilities

Supply Chain Compromise Impacts Axios Node Package Manager​

– The Cybersecurity and Infrastructure Security Agency (CISA) released an alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments. 

Read More
NewsSecurity Vulnerabilities

Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML [CVE-2021-41164]

CVE number = CVE-2021-41164 Affected packages The vulnerability has been discovered in the Advanced Content Filter (ACF) module and may

Read More
NewsSecurity Vulnerabilities

CKEditor HTML comments vulnerability allowing to execute JavaScript code [CVE-2021-41165]

CVE number = CVE-2021-41165 The vulnerability has been discovered in the core HTML processing module and may affect all plugins

Read More
NewsSecurity News

Thousands of retailers affected by hack

Retailers, including the official Sesame Street store, have been targeted by a hack that can steal credit card details. Malicious

Read More
NewsSecurity Vulnerabilities

Bateleur JavaScript Backdoor

Bateleur was first observed in 2017,  it is a JavaScript-based backdoor tool created by the FIN7 advanced persistent threat group.

Read More
NewsSecurity Vulnerabilities

aPAColypse The WPAD and PAC Exploits

A recent set of vulnerabilities (known as aPAColypse) related to Web Proxy Auto Discovery Protocol (WPAD) and Proxy Auto-Config (PAC)

Read More
Security Vulnerabilities

Javascript Backdoor – Bateleur

A new Javascript backdoor has been observed in recent attacks by Carbanak – an (APT) Advanced Persistent Threat group. The

Read More