Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
GitHub

Google Closure Compiler

The Closure Compiler is a tool for making JavaScript download and run faster. It is a true compiler for JavaScript. Instead of compiling from a source language to machine code, it compiles from ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...
InfoWorld

Open source maintainers are being targeted by AI agent as part of ‘reputation farming’

AI agents able to submit huge numbers of pull requests (PRs) to open-source project maintainers risk creating the conditions for future supply chain attacks targeting important software projects, ...
TechRadar

An incredibly popular JavaScript library might have some worrying malware issues

CVE-2025-12735 in expr-eval allows remote code execution via unsafe input evaluation Vulnerable versions ≤2.0.2; patched in 2.0.3 and forked in expr-eval-fork 3.0.0 Developers should sanitize ...
Fair Observer

Citizenship Lost: How Giorgia Meloni Closed Italy’s Door to Millions

On March 28, 2025, Italian Prime Minister Giorgia Meloni’s government enacted new citizenship restrictions that bar millions of South Americans from claiming Italian nationality through ancestry. The ...
Independent.ie

‘Every day counts’ – call to add screening for rare muscle-wasting condition to newborns’ ‘heel-prick’ test

A majority of people have supported the urgent implementation of early screening for a genetic disease that causes severe muscle degeneration. The last government promised to add the test for spinal ...
GitHub

A pure javascript JPEG encoder and decoder for node.js

maxResolutionInMP The maximum resolution image that jpeg-js should attempt to decode in megapixels. Images larger than this resolution will throw an error instead of ...
Ars Technica

Backdoor slipped into popular code library, drains ~$155k from digital wallets

Hackers pocketed as much as $155,000 by sneaking a backdoor into a code library used by developers of smart contract apps that work with the cryptocurrency known as Solana. The supply-chain attack ...
TechRadar

Anthropic updates Claude AI to write and run Javascript code

Anthropic has announced a significant update to its Claude AI chatbot allowing it to both write and execute Javascript code. Through a new analysis tool, Claude users can process data, conduct ...