The Hacker News

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, ...

Popular Forge library gets fix for signature verification bypass flaw

A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass ...