资讯

JavaScript packages with billions of downloads were injected with malicious code in world's ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Bleeping Computer

Phishing attack hides JavaScript using invisible Unicode trick

A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action ...
Ars Technica

AI-generated code could be a disaster for the software supply chain. Here’s why.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
Wired

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
Decrypt

Crypto Users Warned to Stop Transacting as Massive Exploit Threatens Apps and Wallets

Security experts are advising crypto users to be very careful as a large-scale supply chain exploit could be used to swipe funds.
CoinDesk

Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to ...
InfoWorld

What makes JavaScript great

JavaScript’s low bar to entry has resulted in one of the richest programming language ecosystems in the world. This month’s ...